GDPR - The General Data Protection Regulation

What is GDPR and how will it affect Teachers?

What is GDPR?

The General Data Protection Regulation (GDPR) is a new legal framework that was introduced in May this year to supersede the UK Data Protection Act. Just like the data protection act, GDPR was established to ensure that personal information of individuals inside the EU is collected, processed and managed in a legal and suitable manner. In order to be compliant, the GDPR has set out principles for data management and the rights of the individual, while also imposing fines that can be revenue based on any establishment that holds data of EU citizens. Now, all organisations have a legal right to be more accountable for data protection.

So, how will GDPR affect Teachers?

The good news is that most of the work around GDPR will be handled by those in your senior leadership team, training will be provided and generally speaking, your day-to-day teaching will go on as normal. However, the way in which you handle data and administrative tasks will need to be adapted. “Basic security protocols that often go ignored — leaving a laptop logged in when you leave the room, having pupil data displayed on walls in unlocked staff rooms, sharing passwords between staff members — will have to be reiterated and enforced.” (TES online, 2018).  Teachers will also be required to report suspected/possible personal data breaches or security risks as a matter of absolute urgency.

GDPR will also require adaptations to be made on how teachers look after their data; All files must be password protected and encrypted, USB sticks will only be able to be used if they are encrypted and teachers must use their professional e-mail addresses when sending any e-mails to colleagues which may include any information on any staff members or students alike. Teachers will be allowed to take paperwork and marking home with them, but this must be stored in a secure and safe location (i.e not left in cars overnight).

What do Teachers gain from GDPR?

One of the main focuses of GDPR is to give individuals more rights on how their data is processed by organisations, which in turn means that you will have a right to access and also remove your data at any time. As well as access to your personal data, GDPR gives you the right to have your data erased unless there is a legitimate business or legal reason why a company or organisation needs to retain data on you. For example, a former school may still have your CV on file which can now be removed as that school will no longer have a business or legal reason to keep hold of your CV thanks to GDPR. Schools are required to have a process in place for how long they can keep your information for and they must have a legitimate purpose for why they are keeping it initially.


If you are still unsure on GDPR and its changes to come rest assure as all schools are set to carry out GDPR training in the near future, and plenty more information can be found online at: