GDPR & Schools

What is GDPR?

GDPR is a complete data protection game changer for every organisation. The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation. It will bring new demands and challenges that will impact school resources and ultimately finances. GDPR increases the responsibility schools have to inform parents and learners about how their data is being used and by whom.

Data breaches

It will be mandatory to report data breaches within 72 hours

Data processors

It is the schools responsibility to ensure 3rd party suppliers that process data for you also comply with GDPR

Tougher penalties

Fines up to €20 million or 4% of global turnover for non-compliance as well as your Ofsted ratings being impacted if policies and processes are not in place when it comes to data


GDPR demands a formal contract/SLA with all suppliers, including how data is stored and processed

Should schools be worried about GDPR?

There seems to be a lot of panic related to the introduction of GDPR however, compared to many private organisations, schools are much better placed to address the new regulations.

In education, there has always been a culture that values every person’s rights and freedoms. Whilst there are many extra demands required to map and audit personal data stored and shared, schools with existing rigid data protection policies should see GDPR as an opportunity to improve the way they work.

Schools have always had to give parents and children access to their data, but under GDPR individuals have the right to ask for that data to be forgotten. This regulation only applies to certain data that you store and GDPRiS will provide the right guidance in such instances.

Individuals' rights

GDPR gives more control to individuals, including the right to redact data

Data protection officers

It will be mandatory for schools to appoint a data protection officer


Schools must be able to demonstrate compliance


Schools must get it right now, in 2018 and beyond

Let our team show you how great GDPRiS is!

Start planning now

The ICO put together 12 steps to take now advice however it is focused on businesses and not a school environment. We have adapted this guidance for schools.


Track your progress

We have put together a GDPR readiness tracker to help schools prepare for GDPR. Download it and complete each step over the coming months.


Roles &Liabilities

Free resources for schools