Login / Register
A to Z

A to Z Index

A B C D E F G H I J L M N O P R S T U V W
Absence, Time Off and Working Time
Adoption Leave and Pay
AI
An Introduction to Neurodiversity at Work
Annual Leave
Appointing Volunteers and Atypical Workers
Appraisals
Bullying and Harassment (including Sexual Harassment)
Carer's Leave
Checks on Non-Employees
Childcare Disqualification Regulations
Conditions of Appointment and Role
Contracts and offer letters
Creating a Wellbeing Strategy
Data Protection at Work (GDPR)
DBS
DBS Checks
DBS Policies
DBS Update Service
Death of an Employee
Developing an EDI Strategy
Domestic Abuse
Early Career Framework (From September 2025 - Initial Teacher Training and Early Career Framework (ITTECF))
EDI Bespoke Training
Education Recruitment (Eteach)
Employee Assistance Programme
Employee Engagement
Employee Relations and Grievances
Employment References
English Language Requirement
Enhancing Personal Wellbeing
Enhancing Staff Wellbeing
Equality & Employment Rights
Equality Diversity & Inclusion
Equality, Diversity and Inclusion (EDI)
Ethnicity Pay Gap Reporting
External Sources
Family-Friendly Rights
Financial Wellbeing
Flexible Working
Gender Pay Gap Reporting
Grievances
HELP EAP
How to support LGBTQ+ employees at work
HR Briefing Newsletter Summer 2025
HR Bytes
HR Data Analytics
HR Resources
Ill Health Retirement
Industrial Action
Introduction to EDI
IR35 (Intermediaries Legislation)
Job Descriptions
Legislation Tracker
Long Term Sickness Absence
Managing Bereavement
Maternity Leave and Pay
Medical Fitness
Medigold
Misconduct
National Minimum Wage
Neonatal Care Leave and Pay
Newsletters and Updates
Notice Periods
Occupational Health
Offer Letters and Contracts
Other Conditions of Service and Entitlements
Overseas Applicants
Parental Bereavement Leave & Pay
Parental Leave - Unpaid
Partner Services
Paternity Leave and Pay
Pay and Conditions of Service
People Strategy
Performance and Conduct
Performance Appraisal
Poor Performance (Capability)
Positive Disclosures
Pre-Employment / Children's Barred List
Probation and Induction
Processing DBS Checks - all customers
Professional Development
Public Sector Equality Duty
Raising Sensitive Issues About Health
Recruitment and Retention
Recruitment Process
Recruitment, Selection and Appointment
Redundancy and Restructuring
Redundancy, Restructuring and TUPE
Resignation, Termination and Retirement
Retirement
Reward Strategy
Right to Work in the UK
School Pay Policy
School Teachers' Pay Award 2023
School Teachers' Pay Award 2024
School Teachers' Pay Award 2025
Section 128 Directions
Sexual harassment
Shared Parental Leave and Pay
Short Term Sickness Absence
Single Central Record
Social Media Profile checks
Staff Behaviour: Standards and Policies
Summer 2024
Support Staff Pay and Allowances
Supporting Homeworking
Supporting Staff Through Cancer
Talent Management
Teachers' Pay and Allowances
Termination by Agreement or Dismissal
The Menopause at Work
Time Off and Special Leave
Time Off for Dependants
Trade Union Facility Time Reporting
TUPE Transfers
Union Recognition and Bargaining
Verifying Identity
Verifying Qualifications and Teacher Status
Voluntary Resignations
Wellbeing at Work
Wellbeing Policy
Whistleblowing
Who Needs a DBS Check?
Working Time
HR Topics

HR Topics

Absence, Time Off and Working Time
Appraisals
Contracts and offer letters
Data Protection at Work (GDPR)
Employee Relations and Grievances
Equality Diversity & Inclusion
Family-Friendly Rights
Legislation Tracker
Newsletters and Updates
Pay and Conditions of Service
People Strategy
Performance and Conduct
Probation and Induction
Recruitment, Selection and Appointment
Redundancy, Restructuring and TUPE
Resignation, Termination and Retirement
Wellbeing at Work
DBS Topics

DBS Topics

DBS Policies
DBS Update Service
Overseas Applicants
Positive Disclosures
Pre-Employment / Children's Barred List
Processing DBS Checks - all customers
Who Needs a DBS Check?

Data Protection at Work (GDPR)

Data Protection at Work (GDPR)

Strictly Education HR joined together with Judicium HR & Employment Law on 1 April 2025.

You are now able to access a much wider range of expert support to keep your school compliant and protected in the sphere of Data Protection from Judicium Education Data Protection Services.

In recent years, schools have seen a significant rise in Subject Access Requests (SARs) and data breaches, driven largely by growing public awareness of data rights.

As more individuals become informed about their rights under data protection laws, schools are facing increased scrutiny and compliance challenges.

Our comprehensive Data Protection service is designed to strengthen your data protection strategy, ensuring ensuring compliance with data protection legislation, as regulated by the Information Commissioner's Office (ICO) creating a secure environment for pupils and staff alike.

From annual audits and policy development to tailored training for employees, we provide expert guidance, advise on best practices, and support robust data management practices.

Click here to explore our offer.

 

 

 

What do schools need to know about data protection?

What is the GDPR?

In January 2012, the European Commission announced its intention to reform data protection rules. The Commission proposed that the existing Directive would be replaced by a Regulation, binding on every member state. Since the implementation date of 25th May 2018 fell prior to the date the UK exited the EU all UK organisations and all foreign companies processing the data of EU residents had to be compliant with the General Data Protection Regulation (GDPR) from this date.

The UK government published the Data Protection Bill in September 2017 and this received Royal Assent as the Data Protection Act 2018. The Act should be read in conjunction with the GDPR and contains additional provisions relating to, amongst other things, special categories of data, criminal convictions and offences and subject access requests.

The provisions of the GDPR were incorporated into UK data protection law as the UK GDPR at the end of the BREXIT transition period. The UK GDPR sits alongside the DPA 2018, in practice there is little difference between the core data protection principles, rights and obligations found in the EU GDPR and the UK GDPR.

What about HR data?

Data protection law, including the GDPR, covers the processing of 'personal data' which means any information relating to an identifiable person. Schools and other education establishments will be processing personal data relating to staff, but also to others, such as pupils/students. 

What should I be doing to ensure that our HR data processing is compliant with the GDPR?

GDPR implementation did not end on 25th May 2018 as compliance is not a one-off exercise. Many of the changes brought in by the GDPR are about ensuring organisations incorporate data protection principles into day-to-day processes and practices so that considering the implications for personal data becomes the norm.