GDPR - Further Update

02 November 2017

Following on from our Summer Update, concrete preparations for compliance with 2018’s new data protection regime are now under way for most schools.

The General Data Protection Regulation (“GDPR”) becomes law with direct effect on 25 May 2018 and the Government has made clear that implementation will be unaffected by the Brexit process. With the recent introduction of the Government’s Data Protection Bill on 13 September 2017, the compliance requirements for schools are starting to become clearer.

One key area where changes may be needed is the school’s Parent Contract and Acceptance Form. While some model contracts are under review, as ever, they will require careful tailoring to suit the individual needs of every school, which will also depend on other documentation which may be in use, whether in connection with the use of images of pupils, supply of references to other schools and the appropriate use of medical data, for example. It will also be necessary to update the privacy notice on a school’s website as well as the data protection policy.

Given that most Parent Contracts require one full term’s notice before variation, in order for schools to ensure GDPR compliance by the 25 May 2018 deadline it would be highly desirable for this work to be completed by the end of the Autumn Term and certainly no later than the end of the Spring Term.

A lot has been written on GDPR compliance generally but very little of quality specifically for schools. We have therefore developed a comprehensive GDPR audit system for schools which is available at whatever your level of need - bronze, silver, gold or platinum – and we would be delighted to discuss with you the best route to compliance for your particular school.

Please find more details here.

By Ben Collingwood

For further advice on the above topics, please call us on 01483 543210 or alternatively email

Back to Update for Schools