The UK adopted the EU’s General Data Protection Regulation (GDPR) in 2018, but since the UK's withdrawal from the EU it has used its own version, called the UK GDPR.
The UK GDPR works with the Data Protection Act 2018 (DPA 2018) to form the UK's data protection framework.
Our summary of the UK GDPR explains more.
Download our checklist
As governors or trustees, you're ultimately responsible for data protection.
Use our checklist to help make sure your school or trust complies with the UK GDPR. It lists the actions in this article for your board to tick off:
Your whole board needs to understand the law
Everyone on your board needs a strong baseline knowledge of your school/trust’s data protection duties and what the UK GDPR rules mean. This is because you have collective responsibility for data protection.
What the UK