We design our products and services with GDPR compliance at their core

Your Responsibilities as Data Controller

The information below is not intended as legal advice and should not be relied upon as such, but it is intended to help you comply.

We always advise you to seek further help from your own data privacy team, Data Protection Officer (DPO) or legal advisors when determining your requirements under the UK GDPR and the Data Protection Act 2018.

Lawful Basis for Processing

As a data controller, you will need to make sure you have (and document) a legal basis for processing personal information using our products and services. The UK Information Commissioner publishes details of appropriate legal bases here in case you need advice and guidance.

Privacy Notices

You should also provide parents and children with appropriate privacy notices where you process personal information. See here for examples provided by the Department of Education.

Data Privacy Impact Assessment

We recommend that you consider conducting a Data Protection Impact Assessment wherever you conduct processing involving children’s personal data, including where you use some of our services. You can find out more about what this means and what is required here.

Sign Our Data Processing Agreement

As a Data Controller, you need to put in place a contract with SWGfL as your Data Processor. Why do I need this?

Sign a Data Processing Agreement for SWGfL Services

In order to use our products and services as a Data Controller, you will need to download and sign our Data Processing Agreement and return it to privacy@swgfl.org.uk. It has already been signed by SWGfL, so once you sign it, it is legally binding.

Note: This DPA will only be effective (as of the Effective Date) if executed and submitted as set out above.

Does anyone else have access to your data?

SWGfL uses sub-processors to manage some of your information. For a current list of our sub-processors, please see here.