The European General Data Protection Regulations (GDPR) come into force in May 2018 and will apply to all member states of the European Union. Application of the regulations in the UK will not be affected by Brexit as the government is expected to incorporate the regulations into a new Data Protection Act.
GDPR extends the right of individuals already enshrined in the Data Protection Act; putting particular emphasis on sensitive data and data held about children under the age of 16 years old. If schools are not compliant by May 2018 there is a risk of a significant fine and serious loss of reputation. In addition, schools need to be ready to manage requests for information more quickly and efficiently post May 2018.