The UK GDPR: summary

The UK General Data Protection Regulation (UK GDPR) determines how you must process and store personal data – understand what you have to do and the principles of data processing.

Last reviewed on 3 April 2024
School types: AllSchool phases: AllRef: 30801
Contents
  1. What is the UK GDPR?
  2. Who does it apply to?
  3. What are your main responsibilities under the UK GDPR? 
  4. The UK GDPR in more detail 
  5. Brief your team on data protection 

What is the UK GDPR?

The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 to form the UK's data protection framework.

The UK GDPR sets out how people’s personal data is processed and kept safe, and the legal rights individuals have over their own data. 

Who does it apply to?

The UK GDPR applies to ‘data controllers’ and ‘data processors’.

Your school is most likely to be data controller because you decide why and how data is processed.

You're still responsible for making sure that 'data processors' who process personal data on your behalf (for example, payroll providers or school club providers) follow data protection law. Take a look at our resources to help you make sure your suppliers are compliant.

'Processing' is anything you do with personal data, including: collecting, recording, storing, and sharing. Destroying data also counts as processing.

What are your main responsibilities under the UK GDPR? 

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence v3.0.