Blog · 1 July 2026

GDPR-compliant digital signage for UK schools

Schools ask us this question more than any other: 'Is putting X on a screen a GDPR problem?' This isn't legal advice, but it's a plain-English checklist that will get most UK schools 90% of the way there — and it's what our own school customers use.

  • UK GDPR essentials
  • Data-hosting
  • Photo consent
  • DPIA checklist

The one-sentence version

UK GDPR treats a digital screen the same as a printed noticeboard: if the content identifies a person, you need a lawful basis for showing it, and you need to be able to switch it off quickly if consent is withdrawn.

What's fine to show without consent

  • Announcements and news that don't name individuals.
  • Class-level timetables ('Year 7 — Maths — Room 4').
  • Whole-school events and calendars.
  • Safeguarding messages, fire-drill info, weather, catering menus.

What needs consent or a DPIA

  • Individual pupil photos with names.
  • Named merit / award boards for pupils under 13.
  • Live attendance or biometric check-in feeds.
  • Wayfinding tied to a named pupil ('Alex Smith → Room 2').

Data-hosting and transfers

Choose a provider that hosts pupil-derived data in the UK or EEA. Viewli's dashboard, media and player state all run on UK-hosted infrastructure, and the sub-processor list is short and public. That's what most trusts want to see in a supplier questionnaire.

Practical controls to insist on

  • Role-based access: teachers can add content, only the designated 'signage owner' can approve pupil-identifying content.
  • Approval workflow before content goes live.
  • Audit log of every publish action, retained 12+ months.
  • One-click 'blank all screens' for incidents.
  • Auto-expiry on content items so photos don't linger.

The 5-minute DPIA checklist

  1. What personal data will appear on screens?
  2. What's the lawful basis for each item?
  3. Who can add / approve / view?
  4. Where is the data hosted, and who processes it?
  5. How is consent captured and withdrawn?
  6. How long is the content retained?
  7. What's the take-down process if a parent objects?

Where Viewli fits

Viewli ships with roles, approvals, audit logs, per-item expiry and a blank-all-screens control out of the box — designed for exactly this compliance shape. Explore the internal-comms features or start a 30-day trial.

Frequently asked questions

Do we need parental consent to show pupil photos on signage?

Yes for identifiable images. Under UK GDPR, a photo of a named or recognisable pupil is personal data. Schools should rely on parental consent (or, for pupils 13+, the pupil's own consent) and keep a withdrawn-consent list.

Is a timetable on a hallway screen personal data?

Class-level timetables (e.g. '7B — Maths — Room 4') generally aren't personal data. A named individual pupil rota (e.g. '10:00 — Alex Smith — Detention') is. Keep the two apart.

Where should signage data be hosted?

There's no legal requirement to host in the UK, but UK-hosted or EEA-hosted signage removes the need for a Data Transfer Impact Assessment and simplifies your ROPA. Viewli is UK-hosted.

Do we need a DPIA for a signage rollout?

For low-risk internal comms (announcements, class timetables), usually no. For anything with pupil photos, biometric check-in, or wayfinding tied to identifiable pupils, yes — document the DPIA before go-live.

Start your 30-day free trial

No card required. UK-hosted. Cancel any time.