It comes as no surprise that within the school day, data protection is not always at the top of mind. Dealing with students and parents quite rightly takes priority. At the same time a tiny primary school is regulated in the same way as a multi-national corporation.
No single person has the expertise or time to manage all of the requirements. Instead a small contribution from all staff is the way to bring the school into line with the requirements.
Having clear procedures in place to deal with subject access requests and breaches and good knowledge of the personal data used in school are essential features of the management of GDPR.
It is the positioning of the need for data protection that can make the difference. Nobody in school would argue that safeguarding concerns should be dealt with swiftly and effectively. Issues with data protection can have direct safeguarding impact as well as threatening the finances and reputation of the school.