General Data Protection Regulation (GDPR)

Guidance for GDPR

The General Data Protection Regulation (GDPR) is the new law that will apply to all organisations, including schools, and will take effect from Friday 25 May, 2018. It replaces the Data Protection Act 1998 (DPA 1998) which currently governs the way organisations process personal data about people (pupils, employees etc), and the legal rights that individuals have in relation to the data held on record by an organisation, including schools.

On this page you will find links to a range of articles and supporting materials that can help you better understand what the GDPR will mean to your school - as well as the implications for your pupils, their parents/carers and your employees.

This webinar, from February 2017, looked at best practice when it comes to collecting and using personal information of pupils and staff within educational establishments. It also discussed the ICO’s role and powers if problems with sensitive data occur. It also considered the GDPR, which will become law in May 2018 and discussed its likely impact on schools and how the ICO will help institutions meet the new required standards.

January 2018 - The DfE has issued updated Data protection: privacy notice model documents. The privacy notices have been enhanced to be compliant with the General Data Protection Regulations (GDPR), which comes into force in May 2018. The DfE highlights that these models are simply a recommendation; schools and local authorities are free to review and amend the wording to reflect their individual circumstances. See

February 2018 - please click on this link to download a very informative overview of GDPR for Schools by Groupcall, distributed at the recent BETT Show - well worth a read.

Useful links
London Grid for Learning/TRUSTnet GDPR portal

Preparing for GDPR -

ICO Overview of GDPR

ICO taking photographs in schools

Protection of Biometric information of children in Schools 

DfE biometric information of children in schools

Information management toolkit

Suggested privacy notices for schools and local authorities to issue to staff, parents and pupils about the collection of data

Data protection guidance for schools considering using cloud services ('the cloud') to hold sensitive information