The UK GDPR: summary

The UK General Data Protection Regulation (UK GDPR) determines how your school must process and store personal data - understand the main requirements and how the data laws have changed since Brexit.

Last reviewed on 9 February 2023
School types: All · School phases: All
Ref: 30631
Contents
  1. What is the UK GDPR?
  2. How has Brexit changed the UK's data protection laws? 
  3. Why do governors need to know about it?
  4. What are the main requirements under the UK GDPR? 
  5. The UK GDPR in more detail 

What is the UK GDPR?

The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 (DPA 2018) to form the UK's data protection framework.

It determines how people’s personal data is processed and kept safe, and the legal rights individuals have over their own data. 

The UK adopted the EU’s GDPR in 2018, but since the UK's withdrawal from the EU it has used its own version, known as the UK GDPR. Find out how the two pieces of legislation differ in the section below. 

How has Brexit changed the UK's data protection laws? 

In January 2021, the EU GDPR was incorporated into UK legislation as the 'UK GDPR' (by this piece of legislation).

The Department for Education (DfE) has published some guidance to help education providers say compliant with these