Skip to main content

General Data Protection Regulations (GDPR) for Schools 

Schools handle a large amount of personal data. This includes information on pupils, staff, governors, volunteers and job applicants.

Schools also handle what the GDPR refers to as special category data such as race, ethinic origin or trade union membership.

GDPR requires organisations to document how and why they process all personal data and gives rights to the individual.

GDPR has six main principles which states that personal data should be:

  • Processed fairly, lawfully and in a transparent manner
  • Used for  specified, explicit and legitimate purposes
  • Used in a way that is  adequate, relevant and limited
  • Accurate and up to date
  • Kept no longer than necessary
  • Processed in a manner that ensures appropriate security of the data