The Data Protection Act (DPA) 2019 and the General Data Protection Regulation (GDPR) became law in May 2018, and regulate how organisations (including schools) must handle personal data, to ensure it is not misused.

Schools operating inside the UK need to comply with UK data protection law. Some of the key documents including policies and principles around GDPR and data protection can be found below.

For information on how East Sussex County Council uses information about children and young people, please follow this link:

https://www.eastsussex.gov.uk/yourcouncil/about/keydocuments/foi/dataprotection/youngpeople