Data protection

The Data Protection Act 2018 is designed to safeguard personal data and allow organisations to collect and process this data for legitimate purposes.

All schools are required to have a registration under the Data Protection Act 2018.

To ensure you are compliant with this law, you need to notify the Information Commissioner's Office of the type of personal data you hold.

Failure to notify is a criminal offence.

A notification registration lasts for one year and it will cost you £40 to register your school.

Register now

Under the Data Protection Act 2018 all schools processing personal data must comply with the seven data protection principles:

  • only collect the personal data we need
  • only use it for a specific purpose
  • process it lawfully and fairly
  • keep it accurate and up to date
  • get rid of it when we no longer need it
  • keep it safe and protect it from wrongful use
  • be transparent and document how we use it.

Individual’s rights

GDPR and the Data Protection Act 2018 gives an individual the following rights:

  • the right to be informed
  • the right of access
  • the right to rectification
  • the right to erasure
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • rights in relation to automated decision-making and profiling.

Guidance and resources for schools

The Information Commissioner's Office (ICO) has guidance and resources for school. Please visit:

Practice notes summary

  • All employees need to ensure that other people’s information is protected and kept safe at all times
  • If personal information is taken from one location to another it must be done in the safest possible way
  • Equipment should be fully password protected and encrypted, and kept secure at all times
  • Files, diaries, notepads or computer equipment must never be left unattended in vehicles or on public transport.

Ealing Council documents

Here is information about data protection at Ealing Council

Ealing data protection policy* (pdf) login required
Information includes the council's responsibilites, what the act means for the individual and the Ealing framework.

National websites

Data Protection Act 2018 (
Data protection (GOV.UK)

Contact us

Lorraine Cox
Tel: 020 8825 5512

Was this page useful? 
Last updated: 01 Aug 2023