GDPR is a new set of EU guidelines governing how organisations like schools handle personal data. The new regulations have replaced the current Data Protection Act (DPA) and have been in place since May 2018.

How does GDPR differ from the DPA?

The DPA was introduced back in 1998, which was the same year Google was launched. A lot has changed since then, particularly in schools: the quantity of data schools collect and the complexity of locations where it is stored have changed dramatically.

Although much of the legislation from the DPA remains, GDPR reinforces certain elements.

‘Processing’ data in the context of GDPR includes collecting it, organising it, structuring it, storing it and retrieving it. Schools already do all of these things with personal data regularly.

If you would like to know more about GDPR and your rights, please visit the UK’s data protection regulator, the Information Commissioner’s Office at

Should you have any queries regarding GDPR and our school, please email us at: and mark for the attention of Mrs Rayner, Data Protection Officer.