General Data Protection Regulation (GDPR)

Guidance for GDPR


The General Data Protection Regulation (GDPR) is the new law that will apply to all organisations, including schools, and will take effect from Friday 25 May, 2018. It replaces the Data Protection Act 1998 (DPA 1998) which currently governs the way organisations process personal data about people (pupils, employees etc), and the legal rights that individuals have in relation to the data held on record by an organisation, including schools.

On this page you will find links to a range of articles and supporting materials that can help you better understand what the GDPR will mean to your school - as well as the implications for your pupils, their parents/carers and your employees.

This webinar, from February 2017, looked at best practice when it comes to collecting and using personal information of pupils and staff within educational establishments. It also discussed the ICO’s role and powers if problems with sensitive data occur. It also considered the GDPR, which will become law in May 2018 and discussed its likely impact on schools and how the ICO will help institutions meet the new required standards.

Useful links
London Grid for Learning/TRUSTnet GDPR portal

Preparing for GDPR - schoolsweek.co.uk

ICO Overview of GDPR

ICO taking photographs in schools

Protection of Biometric information of children in Schools 

DfE biometric information of children in schools

Information management toolkit

Suggested privacy notices for schools and local authorities to issue to staff, parents and pupils about the collection of data

Data protection guidance for schools considering using cloud services ('the cloud') to hold sensitive information