As a customer, you will need to review these 3 areas to ensure you are meeting GDPR compliance.
Follow the links below to the articles:
1) Select and Document your Lawful Basis
4) Data Sharing Agreement/Data Processing Agreement (if sharing data with other organisations)
You may choose to send a letter to parents/carers - an example can be found here.
We would recommend you discuss your organisation's compliance with your Data Protection Officer to make sure you have the necessary policies in place.