Guidance & Legislation

Data Protection Dos and Don’ts

Practical data protection guidance to consider:


Do:

  • keep personal data safe – it’s everyone’s responsibility
  • think before you speak – a disclosure can be spoken as well as written
  • ensure you are authorised to take information off site – including hard copy/paper files
  • wherever possible use remote access instead of taking information off site
  • shred personal data before you dispose of it and use confidential waste sacks
  • ensure personal data is accurate and up to date
  • be aware of retention and disposal guidelines – data cannot be kept indefinitely
  • know who you are allowed to share information with (data sharing protocols)
  • be aware of all School and Barnet Authority data protection, GDPR and information governance policies and procedures
  • ask for advice if you’re not sure


Don’t:

  • ignore potential risks – report incidents or concerns to the Headteacher or DPO (Data Protection Officer)
  • email sensitive information unless you are sure it is encrypted
  • leave your media devices unattended e.g. in your car
  • store or send personal data on removable media (e.g. SD Cards, USB drives)
  • assume you can disclose personal data to another member of staff
  • leave mark books, written information of a sensitive nature and printouts lying around – even accidental disclosures are considered a breach
  • use personal data for a different purpose without considering GDPR and data protection regulations
  • write any comment about any individual that is unfair or untrue which you would be unable to defend if challenged. You should always assume that anything you write about a person will be seen by that person.