Key tasks to ensure compliance with the Data Protection Act 2018 and the UK General Data Protection Regulation (UK GDPR).

Key tasks to ensure compliance with UK GDPR

Schools are required to complete a series of key tasks in order to ensure compliance with UK GDPR. If your school has not yet completed these tasks you must do so urgently and, in the interim, you must ensure you are able to demonstrate an awareness of the requirements and have a plan in place for achieving full compliance.

The key tasks to complete are as follows:

  1. Appoint a Data Protection Officer (DPO).
  2. Complete an Information Asset Register and information audit including a record of your reasons for processing each data type and how long you need to retain each data type.
  3. Review and update your Privacy Notices.
  4. Review and update arrangements with external providers to the school where personal data is shared.
  5. Review and develop internal Data Protection Procedures and Policies.
  6. Ensure the staff and volunteers at your school receive UK GDPR awareness training.
  7. Review your Subject Access Request (SAR) Procedures.
  8. Review your Data Breach Procedures.
  9. Ensure you operationalise your policies and procedures and continuously review and improve them.

You can find out further information about any of these aspects of UK GDPR compliance by visiting the links on this page, or visiting our Training, Tools, Templates and other useful information page.

Contact us

If you have a query about UK GDPR you can contact the Education Data Hub on tel: 01629 532888, or email:

The Education Data Hub offers a traded service to schools, providing Data Protection Officer support and other services. Further information is available on the Services 4 Schools website. The Education Data Hub also has its own website which contains full details of the services provided, including template policies, privacy notices, DPIAs and other useful documents.
