GDPR Basics for Schools and Organisations (Controller vs Processor)

Who is this for?

  • Tenant Admins

Overview

Understanding your role under the UK General Data Protection Regulation (UK GDPR) is critical for compliance. This guide clarifies the division of responsibility between you (the School/Club) and Oakline.

Roles Explained

Data Controller: You (The Tenant)

As the organisation that decides why and how personal data is processed, you are the Data Controller.

  • You collect data from parents (names, medical info, etc.).
  • You decide how long to keep it.
  • You are responsible for obtaining consent (e.g., for photos).

Data Processor: Oakline

Oakline is the Data Processor. We process data on your behalf and strictly according to your instructions (i.e., when you use the software to store a record).

  • We provide the secure platform for you to store and manage data.
  • We do not use your customer data for our own marketing purposes.
  • We assist you in meeting your compliance obligations (e.g., providing export tools).

Responsibilities Table

| Responsibility | You (Controller) | Oakline (Processor) |
| --- | --- | --- |
| Legal Basis | Establish legal basis (e.g., contract, consent) | Process only as instructed |
| Transparency | Inform parents via your Privacy Policy | Maintain platform security |
| Rights | Respond to Subject Access Requests | Provide tools to help you respond |
| Breaches | Notify ICO if required | Notify you without undue delay |
