What is the UK GDPR?
The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 to form the UK's data protection framework.
The UK GDPR sets out how people’s personal data is processed and kept safe, and the legal rights individuals have over their own data.
Who does it apply to?
The UK GDPR applies to ‘data controllers’ and ‘data processors’.
Your school is most likely to be data controller because you decide why and how data is processed.
You're still responsible for making sure that 'data processors' who process personal data on your behalf (for example, payroll providers or school club providers) follow data protection law. Take a look at our resources to help you make sure your suppliers are compliant.
'Processing' is anything you do with personal data, including: collecting, recording, storing, and sharing. Destroying data also counts as processing.