The GDPR became effective on 25 May 2018 and will have an impact on schools and how they manage personal data.

The GDPR aims primarily to give control to individuals over their personal data. It will allow people to have easier access to the data organisations hold about them and introduces a new fines regime and a clear responsibility for organisations to obtain the consent of people they collect information about. The government has created a new Data Protection Act (2018) to coincide with the GDPR, this replaces the Data Protection Act 1998.

Schools can find more detailed information and guidance about their obligations under GDPR at our dedicated resource section.

Last updated: 26/02/2020