Social Media for Schools
Written on 28 January, 2025
Are you considering setting up a social media account? Do you have a school social media account or many different platforms and are they ready for a review?
There may be many benefits for schools to use and engage in a social media platform to showcase their school. From sharing good news, school events and celebrations, publicity and being part of the community to name but a few. However, should your school or trust decide to adopt Social Media platforms then important considerations should be made, these include being mindful of school’s obligations under UK data protection laws with regards to the processing of personal data.
The list below is not exhaustive, however here are a few things to keep in mind:
- Have you adopted our social media policy template?
- Have you completed a social media DPIA?
- Who is your audience – is It a public or private or group account? How will you use social media and what information will you post?
- Are your privacy settings within the account up to date?
- Do you know who has access to and posts on your social media (or your school website) –What happens if those authorised leave or are off work ill? Is there a contingency plan?
- Are your consents sufficient and up-to-date and checked before publishing images/videos/posts?
- Do you have a process for removing images when someone changes their consent?
- Do you check/vett the images/videos before posting? E.g. ensuring that students are appropriately dressed, considering what sensitive information is on view in the background/classrooms, are you showing a certificate where children are named?
- Is there a housekeeping plan for the images/videos and posts, which includes how long the information/images will show and when they will be removed. Does this regularly take place? Consider the digital footprint and its impact of the child or individual posted and advances in AI.
- Regularly review the platform to ensure it is still suitable for your school’s purpose and need.
- Report – If a breach occurs ensure mitigating action is taken and report the breach incident ASAP on GDPRiS. A notifiable breach must be reported to the ICO without undue delay, but not later than 72 hours after becoming aware of it.