Website Cookie Policy

We use cookies to give you the best possible online experience. If you continue, we’ll assume you are happy for your web browser to receive all cookies from our website.
See our cookie policy for more information.

✓ Accept & Close

Practice Areas

More Information

thepartners@wrigleys.co.uk

Leeds: 0113 244 6100

Sheffield: 0114 267 5588

FOLLOW WRIGLEYS:

Send us an enquiry
Close

Schools warned over use of pupil photos

12 March 2020

The Information Commissioners Officer (ICO) has recently issued reprimands to two schools.

The schools which sent a class photo, in one case, to the local paper and, in the other, home to parents included the images of pupils whose parents had previously refused consent for their children's images to be shared.

On its blog, the ICO has sought to stress the lesson to be learnt by schools:

  • Photos (including videos) taken for official school use, such as on its website, in a prospectus or to be sent out to newspaper, will be covered by data protection rules;
  • Ensure that the school has robust procedures for processing any personal data.  That includes:
    • knowing what personal data you hold, where and for what lawful purpose;
    • having appropriate data protection policies and procedures;
    • ensuring that staff are trained on and understand those policies and procedures.  Keep a training record and ensure staff are regularly reminded.  Many will be handling personal data daily, including special category data (e.g. health, ethnicity);
    • reporting any breach to the school's data protection officer, and as required to the ICO, as soon as possible.
  • This shouldn't be seen as any prohibition on taking photos, including by parents at a school event for personal use

Separately the ICO has recently announced two new key services which can help schools, and others, show accountability through the development of GDPR Codes of Conduct and Certification Schemes.  Directed toward sector wide and representative organisations, rather than any individual school or academy or multi-academy trust, the schemes can demonstrate compliance and provide reassurance to parents and others. At present there are no approved Codes or accredited certification bodies for issuing GDPR certificates. Further detail is available on the ICO website.

Our article last month, GDPR in schools – ensuring best practice, highlighted the ongoing ICO audit of schools and academies.  Audit reports, and their executive summaries, have flagged various issues which all schools can look to assist with improving their own compliance.

 Wrigleys' education team have data protection experts who have already worked alongside schools and academies to assist in reviewing and updating data protection compliance and to provide general and specific training.

If you would like to discuss any aspect of this article further, please contact Nick Dunn, Sue King or any other member of the Education team on 0113 244 6100.

You can also keep up to date by following Wrigleys Education on Twitter here

The information in this article is necessarily of a general nature. Specific advice should be sought for specific situations. If you have any queries or need any legal advice please feel free to contact Wrigleys Solicitors
Chris Billington View Biography

Chris Billington

Partner
Leeds

News
Events
Publications
25 Jul 2024

New Statutory Safeguarding Guidance: Keeping Children Safe in Education 2024

Updated guidance for schools, colleges and academy trusts from 1 September 2024

Click here to read more
23 Jul 2024

Charity Governance Code Refresh 2024 – have your say before 11 August 2024

A public consultation on the Charity Governance Code has been launched to gather views and feedback to inform a further refresh of the Code.

Click here to read more
17 Jul 2024

The importance of compliance and some lessons learned for academy trusts

We look here at why compliance is important and some key observations from our compliance work with academy trusts.

Click here to read more
Read All News