The law is changing and the General Data Protection Regulations (GDPR) come into effect on 25th May 2018. The new regulations bring higher standards for handling data and greater expectations for improved transparency, enhanced data security and increased accountability for processing personal data. Schools have a legal duty to comply with GDPR.

The new GDPR is replacing the current Data Protection Act (DPA) and is set to strengthen and unify all data held within an organisation. For schools, GDPR brings a new responsibility to inform parents and stakeholders about how they are using pupils' data and who it is being used by.

What does GDPR mean for schools?

A great deal of the processing of personal data undertaken by schools will fall under a specific legal basis, 'in the public interest'. As it is in the public interest to operate schools successfully, it will mean that specific consent will not be needed in the majority of cases in schools.

GDPR will ensure data is protected, will give individuals more control over their data and schools will have a greater accountability for the data:

  • Under GDPR consent must be explicitly given to anything that isn't within the normal business of the school, especially if it involves a third party managing the data. Parents (or the pupils themselves depending on age) must express consent for their child's data to be used outside of the normal business of the school.
  • Schools must appoint a Data Protection Officer (DPO) and be able to prove that they are GDPR compliant.
  • Schools must ensure that their third party suppliers who may process any of their data are GDPR compliant.
  • It will be compulsory that all data breaches which are likely to have a detrimental effect on the data subject are reported to the ICO within 72 hours.

At Lansbury Bridge School, we started our GDPR journey in September 2017. We have:

  • Put a team together to work on compliance.
  • Attended various briefing sessions ran by external organisations and the Local Authority.
  • Made everyone in school aware of GDPR including governors.
  • Ensured all staff have completed 'An Introduction to the GDPR' Level 2 Educare Certificate.
  • Started to review all of our data and documents and have an action plan moving forward.

We have recently appointed an external Data Protection Officer. Queries regarding GDPR should be directed to either Cathryn Lewin, School Business Manager or to our appointed DPO below:

Hulse Yazdi Limited t/a HY

Reed House

Hunters Lane


Greater Manchester

OL16 1YL

0161 804 1144


Lead Contact: Dean Hulse

Lansbury Bridge already has strong data protection policies in place but these now all need to be updated in line with GDPR. In addition to comply with GDPR, we need to show a paper trail and how we are compliant.

We already highly value and protect all of our student, parents and staff data and will continue to do so in the presence of GDPR.

As a parent/carer you may receive some letters from us regarding GDPR. Some of those may be about consent and some about updating your information with us. We would appreciate it if you would read all information you receive and send back any relevant documents back to school.

Further information can be found at the ICO (Information Commissioner's Office) website.

The video below is a great overview of GDPR and how it affects schools, produced by GDPRiS to inform parents.

Further details will be uploaded over the next few weeks so please watch this space!

Files to Download

Student Login

Lansbury Bridge School & Sports College, Lansbury Avenue, Parr, St Helens, Merseyside, WA9 1TB

Tel: 01744 678579 | lansbury@sthelens.org.uk