GDPR, DPA and Compliance

After May 25th the world did not stop spinning. The Information Commissioner did not start issuing schools with millions of pounds worth of fines. There was no hammering on doors and demands to see the new improved Data Protection Policy. The hysteria rapidly melted away.

As a Solicitor, who has many years of experience supporting schools with Data Protection issues, I wasn’t really surprised. Media hype had sent everyone off like a rocket.

However, GDPR has not gone away. The requirements that schools have are still challenging. As public authorities the obligation to appoint a suitable DPO is still mandatory.


Ongoing training for staff and governors, updating policies and data maps, breach preparation and management are all still required. Mapping data usage and having the correct legal basis for processing the data is a stated requirement of GDPR and the Data Protection Act 2018. Every school will need to undertake a Data Protection audit, either internally with guidance or to appoint an external provider.

Please click here to look over our free to access resources, a mixture of briefing notes prepared in house and links to resources from the DfE, ICO and others.

Getting it right takes time, hard work and is so much easier with the right support.

The depth of knowledge and school specific service offered by the practice is what makes us unique, and the way we work with people is what makes us popular.