The new General Data Protection Regulations (GDPR) came into force on 25th May 2018.
Schools handle a large amount of personal data. This includes information on pupils, such as grades, medical information, images and much more. Schools also hold data on staff, governors, volunteers and job applicants.
In addition, schools handle what the GDPR refers to as special category data, which is subject to tighter controls. This could be details on race, ethnic origin, or trade union membership.
This data was already governed by previous DPA regulations, which ensure personal data is handled lawfully. However, the new GDPR has gone further and requires organisations to document how and why they process all personal data, and gives enhanced rights to the individual.