The General Data Protection Regulation (GDPR) requires that schools have both a:

  • Data Protection Officer
  • Data Controller


Councils are required to appoint a Data Protection Officer and all users are entitled to view his/her transparent contact details, ie the contact information must be readily available to users, eg staff, pupils, parents and other users

Your school should appoint a Data Controller. Again transparent contact details are required. The data controller must ensure that all consents required from data subjects have been obtained in order to commence the processing of the personal data. To that end OTB makes provision to record these post holders, and display details to users.