You are here: Home | Schools Online | Heads, Teachers and School Staff | Heads, Teachers and School Staff

Heads, Teachers and School Staff

Data Protection, GDPR and the new Data Protection Act 2017

ICO’s Children’s Code to help protect children online

The following are particularly relevant to education-related websites or other online services aimed at children:
• and


NEW IRMS Toolkit for Schools 2019 is now available!


GDPR – what is it?

On 25th May 2018, the existing 1998 Data Protection Act (DPA) was replaced by the new Data Protection Act 2017, also known as the General Data Protection Regulation or GDPR  – meaning that the way you manage all personal data and information within your school may have to change.

Put simply, the GDPR is a new data protection regulation that’s designed to build upon the current Data Protection Act, update the regulations to be fit for the modern digital age, strengthen and unify the safety and security of all data held within an organisation.

How will GDPR affect schools?

Whilst you will see many similarities between the GDPR and the previous DPA, there will be some significant differences that will have a real impact on the way data is handled and ultimately affect the way you manage information in your school.

Please review the DfE Toolkit for Schools here:

If you were already complying with the DPA then chances are you already had some strict policies in place. But this doesn’t mean that just because you complied with DPA regulation, you’re automatically going to be compliant under the new GDPR law.

Whilst a number of the GDPR’s main principles are similar to those in the Data Protection Act, there will inevitably be some new elements and significant enhancements – meaning you may have to do some things differently.

Swindon Borough Council has not produced any schools-specific guidance, but we will always point schools towards the excellent resources available on the Information Commissioners website:

The ICO have put together a guide on GDPR and suggest a number of things you should be starting to do to get yourself ready for the changes:

There are also some really useful self-assessments toolkits, which you can undertake and inform your governors of the outcomes:

Swindon Borough Council provides Data Protection and wider Information Governance training to school governors, so I would encourage you to point your governors (as the responsible and accountable body) to one of our future sessions.

Please contact Anna Richardson, Governor Support Officer on 01793 463876 for details of the governor training.

For all other GDPR queries, please contact Stephen Maskell, Information Governance Manager at  .