The General Data Protection Regulation (GDPR) is the new law that will apply to all organisations, including schools, and will take effect from Friday 25 May, 2018. It replaces the Data Protection Act 1998 (DPA 1998) which currently governs the way organisations process personal data about people (pupils, employees etc), and the legal rights that individuals have in relation to the data held on record by an organisation, including schools.
On this page you will find links to a range of articles and supporting materials that can help you better understand what the GDPR will mean to your school - as well as the implications for your pupils, their parents/carers and your employees.
, from February 2017, looked at best practice when it comes to collecting and using personal information of pupils and staff within educational establishments. It also discussed the ICO’s role and powers if problems with sensitive data occur. It also considered the GDPR, which will become law in May 2018 and discussed its likely impact on schools and how the ICO will help institutions meet the new required standards.
London Grid for Learning/TRUSTnet GDPR portal
Preparing for GDPR - schoolsweek.co.uk
ICO Overview of GDPR
ICO taking photographs in schools
Protection of Biometric information of children in Schools
DfE biometric information of children in schools
Information management toolkit
Suggested privacy notices for schools and local authorities to issue to staff, parents and pupils about the collection of data
Data protection guidance for schools considering using cloud services ('the cloud') to hold sensitive information