PDFs in education: privacy for teachers and schools
School PDFs carry data about minors: report cards, records, permission slips. Why they should never go to an upload site, and how to handle them locally.
It’s the last week of term. A teacher has thirty report cards as separate PDFs and needs them as one file for the year group folder. The school laptop doesn’t have anything installed for that, so they search “merge PDF”, open the first result, drag in thirty documents full of pupils’ names, grades, and behaviour notes, and click the button.
The merged file downloads. The folder is updated. Nobody notices anything. But those thirty report cards just left the school and landed on a server run by a company the teacher has never heard of, and every one of them was about a child.
This isn’t legal advice and I’m not your data protection lead. Every school has its own policy and its own DPO to answer to. But education runs on data about minors, and that’s exactly the kind of data the law guards most closely. So it’s worth being clear about what’s at stake before the next deadline pushes someone toward a random tool.
School PDFs are full of children’s data
Think about what a school produces on paper and screen every week. Report cards with grades. Pupil records with addresses and birth dates. Permission slips for trips. Medical and allergy forms. Safeguarding notes. Free school meal eligibility. Special educational needs plans. Almost all of it identifies a specific child, and a lot of it touches things the law treats as extra sensitive, like health.
GDPR gives children’s data its own protection. The reasoning is plain: children are less aware of the risks, and the consequences of a leak follow them for years. A leaked report card can’t be reset like a password. A disclosed safeguarding note can do real harm. So when a school handles these files, the bar for doing it carefully is higher than for almost anything else.
And the school carries the responsibility. Under GDPR the school is the controller for this data. That duty doesn’t pause because it’s July and everyone’s tired and the merge needs doing now.
What an upload site does with the file
When that PDF goes to an online tool, it leaves the school’s control. It travels to a server the school doesn’t run, gets processed there, and may be cached, queued, or copied before anything comes back. The company behind the tool becomes a processor acting on the school’s behalf, and the school stays the controller answerable for the whole thing.
That arrangement comes with strings. The school is supposed to have a written contract with that processor, spelling out what they may do with the data and when they delete it. For a free tool found through a search, the school has none of that. No contract, no idea where the servers sit, no way to say who else can touch the file. If those servers are outside the EU, the school has also made an international transfer of children’s data, which is the kind of thing GDPR puts the most friction around.
If pupil data ends up exposed through a service the school couldn’t vouch for, that can be a personal data breach. Breaches involving children are the ones regulators and parents take hardest. Notifications, an investigation, and a very awkward letter home all follow from one rushed upload.
The maddening part is that the task itself, merging or protecting a few files, never needed to leave the building.
Do the school’s PDF work on your own machine
Here’s the fix, and it’s lighter than the problem. If the PDF never leaves your device, no outside processor touches it. No contract to chase, no transfer to justify, no third party that could leak a child’s record. The school is still the controller and still owes pupils the usual care, but a whole layer of risk just doesn’t exist, because the data stayed where it was.
This is the idea behind tools that run entirely in your browser. The code does the work locally, in your computer’s memory, and the file stays put. That’s how we built reader.me. When you merge or protect a school PDF, it’s processed in your browser and never reaches a server of ours. If you want proof, open your browser’s DevTools, watch the Network tab while you work, and you’ll see nothing with your document going out.
Three jobs cover most of what a school needs:
- Pull all those report cards into one document with merge PDF, right on the laptop, with no upload.
- Lock a sensitive file before it goes anywhere by adding a password with protect PDF, so a permission slip or a record is encrypted before it reaches a parent’s inbox.
- Add your signature to a form or a letter with sign PDF without printing, scanning, or sending the document to a stranger first.
A few habits for the staff room
- Treat every pupil document as data about a minor. Report cards, records, trip forms, and SEN plans all count, even a single scanned page.
- Never drag a pupil file into a random online tool. No contract and no clear server location means the children’s data doesn’t go there, full stop.
- Default to tools that run in your browser for routine jobs like merging, protecting, and signing. If it works locally, there’s no processor to vet and nothing crosses a border.
- Lock files before you send them home. A password on the PDF beats an open attachment to a class mailing list.
- Check with whoever runs data protection at your school before you adopt any tool for pupil files. They’ll thank you.
The rules around children’s data sound heavy, and they are, because the data is. But the daily fix is small. Keep the file on your machine, use tools that don’t upload, and the heaviest part of the problem never reaches you. If you want the longer version of how uploading triggers these duties, I wrote about GDPR and uploading PDFs separately.