GDPR will be enforced in:



What is GDPR?

GDPR is a complete data protection game changer for every organisation. The new regulations are intended to strengthen and unify the safety and security of all data held within an organisation. It will bring new demands and challenges that will impact school resources and ultimately finances. GDPR increases the responsibility schools have to inform parents and learners about how their data is being used and by whom.


Data Breaches

It will be mandatory to report data breaches within 72 hours


Data Processors

It is the schools responsibility to
ensure 3rd party suppliers that process data comply with GDPR

Tougher Penalties

Fines for non-compliance as well as your Ofsted ratings being impacted
if policies and processes are not in place


GDPR demands a formal contract/SLA with
all suppliers, including how data is stored and processed



Should schools be worried about GDPR?

There seems to be a lot of panic related to the introduction of GDPR however, compared to many private organisations, schools are much better placed to address the new regulations.

In education, there has always been a culture that values every person’s rights and freedoms. Whilst there are many extra demands required to map and audit personal data stored and shared, schools with existing rigid data protection policies should see GDPR as an opportunity to improve the way they work.

Schools have always had to give parents and children access to their data, but under GDPR individuals have the right to ask for that data to be forgotten. This regulation only applies to certain data that you store and GDPRiS (GDPR in Schools) will provide the right guidance in such instances.


GDPR gives more control to individuals, including the right to redact data It will be mandatory form schools to appoint a data protection officer Schools must be able to demonstrate compliance  Schools must get it right now, in 2018 and beyond



Don’t let your School hit the headlines!

In 2016 there were 2,168 data breaches reported to the ICO – only 166 were in education.  With the new regulations making reporting mandatory and with increased responsibilities, this figure looks set to rise if schools fail to prepare for GDPR.

A County Council was fined £60,000

  • They accidentally sent old files to a charity shop in a filing cabinet they were donating!

Greater Manchester Police were fined £150,000

  • They posted 3 DVD’s containing interview footage – the DVD’s were lost in the post!

GP Practice fined £40,000

  • Careless gossip! Details about a patient were disclosed to her estranged ex-partner.


What is GDPRiS?

General Data Protection Regulation in Schools

  • Manage 3rd party suppliers that process data
  • Store policy documents, training records and materials
  • Access practical guidance on GDPR compliance
  • Streamline SARs and Data Breach reporting
  • Provide a Self-Assessment Questionnaire (SAQ) to all staff to ensure full accountability
  • Supply and store SAQs in other area i.e networks, access control


EIS are launching a new service to help schools
manage GDPR compliance – GDPRiS