The UK GDPR: summary

The UK General Data Protection Regulation (UK GDPR) determines how you must process and store personal data – understand what you have to do and the principles of data processing.

Last reviewed on 3 May 2023
School types: All · School phases: All
Ref: 30801
Contents
  1. What is the UK GDPR?
  2. What are your main responsibilities under the UK GDPR? 
  3. The UK GDPR in more detail 
  4. Brief your team on data protection 

What is the UK GDPR?

The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 to form the UK's data protection framework. It was created in January 2021 when the EU GDPR was incorporated into UK legislation (by this piece of legislation).

The UK GDPR determines how people’s personal data is processed and kept safe, and the legal rights individuals have over their own data. 

The key principles, rights and obligations remain the same as before, but there were some amendments, predominantly around international transfers of data (see section 2). 

The DfE published guidance to help education providers stay compliant with these changes, which you can find here.

What are your main responsibilities under the UK GDPR? 

Note: the Data Protection Act 2018 (linked to above) makes a distinction between 'data controllers' and 'data processors'. As a school, you're most likely a 'data controller' because you collect personal data and decide how to process it.