The General Data Protection Regulation (GDPR) is coming. We all need to know about it and make sure we’re compliant with it.  This is the first in a series of Novatia blogs, and seminars, to help the UK Education Market understand what the GDPR is and what the GDPR means for schools.

The GDPR – a brief overview.

From 25 May 2018 the Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR).  The GDPR expands on the rulings laid down by DPA, protecting people’s data even further - impacting on how all data is collected, collated, stored, accessed, used and deleted, including CCTV monitoring.

What’s more, the GDPR allows all individuals, including minors without parental or guardian consent, greater rights to access all the data held on them and to access it more quickly. And, if individuals feel that their data has not been treated correctly, the GDPR makes provision for them to take court action against the organisation that first collected their data. This action has now extended to emotional impact and damage for breaches in data security and handling.

In short, the GDPR has been developed to clamp down on carelessness that has sometimes crept in, when handling people’s personal data. It is a great opportunity to tidy up the ways that we all collect, handle and use personal data.

For those who choose to ignore the GDPR, large fines from the Information Commissioners Office (ICO) up to €20m could be incurred.  They also have the option of court action. Also, in the case of Schools and Trusts, Ofsted ratings could be seriously affected if correct policies and procedures aren’t in place when it comes to data and IT security.

Surely tightening up procedures for personal data is a good thing?

Yes, it is a very good thing.  It ensures our right to privacy and gives us greater protection should any organisations abuse any data they holding or, through negligence, expose us to unwanted attention or harm.

So what should Schools and Trusts be doing about it?

First, get informed.

There’s lots of free resources and advice on the ICO website: . We found the “Preparing for the GDPR – 12 steps you can take now” advice piece, which ICO have produced, very helpful.

The ICO also publish regular blog posts about the GDPR and its implications, which we recommend reading and keeping up to date with.

Get a copy of the Four Steps we recommend you take to prepare your school or Trust for the GDPR by downloading our Novatia Note. 

Download your Novatia Note

TAKE ACTION NOW … we recently held a GDPR seminar for school and trust leaders which was well received by the Education market.  If you’d be interested in attending one of our future events please do get in touch. 

Alternatively, if you’d like to know more about how Novatia can assist you with a data audit for either your school or trust, please see our website or contact us on 01962 832632 or

The GDPR is coming; let’s get prepared for it now.


  • Email