School shares my child's data without consent — what now?
Child data = AP priority + UAVG Art. 5 stricter protection. Erasure request + Education Inspectorate + AP complaint. High fine pressure on school board.
Schools have stricter regime than other organisations: UAVG Art. 5 (under 16 parental consent), GDPR Art. 9 (pupil health data), AP priority enforcement for child data. What counts as unlawful sharing? School photos on social without parental consent, pupil data shared with EdTech suppliers without DPA, lists with names + addresses to municipality/third parties, photo in yearbook without per-medium consent, child data in cloud without Schrems II TIA. Routes: Step 1: written erasure request to DPO + principal (GDPR Art. 17). Step 2: on no response within 30 days → AP complaint (child data = priority). Step 3: in parallel Education Inspectorate report for education aspect. Step 4: on major harm civil damages claim Art. 82 — child data leaks typically receive €500-€2,500 non-material damages. WBTR impact: school directors personally liable on serious negligence since 2021.
Step by step
Written erasure request
To DPO + principal. letter generator (€9.99).
AP complaint
Child data = priority. AP complaint generator.
Education Inspectorate in parallel
For structural education aspect. onderwijsinspectie.nl reporting form.
Ready to act?
We'll draft the right letter for you
Personalised PDF · Send-ready · One-off €9,99
- ⚡ PDF in your inbox in 60 seconds
- 📄 BTW-compliant invoice included
- ↩️ 30-day fix-it guarantee
Sources
🔎 Common search variants
Recognise your own search? Our answer above covers these too.
- “school shares child data”
- “pupil data leak”
- “school photo gdpr complaint”