You are here:

How to prepare for the General Data Protection Regulation

Ref: 34119
Last updated on 31 October 2017
School types: All · School phases: All
In-depth article
From May 2018, schools must ensure their data processing complies with new data protection law under the General Data Protection Regulation (GDPR). Here's what you need to do to get your school ready for these reforms.

Article tools


  1. 1 Tell key people the law is changing
  2. 2 Plan to appoint your data protection officer 
  3. 3 Carry out an information audit 
  4. 4 Identify your lawful basis for processing data
  5. 5 Review your privacy notices 
  6. 6 Review your data processing procedures
  7. 7 Review your contracts with suppliers
  8. 8 Conduct a self-assessment
  9. 9 Further steps – more guidance is expected

Article features

  • 1 download
  • 12 external links

More from The Key

CPD Toolkit video image 800x450

CPD Toolkit from The Key

From easy-to-digest 15-minute briefings to ready-made presentations and handouts, we’ve got everything you need to confidently deliver high-impact in-school training.

Download two resources as part of your trial:

The Key has taken great care in publishing this article. However, some of the article's content and information may come from or link to third party sources whose quality, relevance, accuracy, completeness, currency and reliability we do not guarantee. Accordingly, we will not be held liable for any use of or reliance placed on this article's content or the links or downloads it provides. This article may contain information sourced from public sector bodies and licensed under the Open Government Licence.