Skip to content ↓

Church of England Junior School

Data Protection - GDPR

General Data Protection Regulation (2018) replaces the Data Protection Act (1998)

The DPA 2018 sets out the framework for data protection law in the UK. It updates and replaces the Data Protection Act 1998, and came into effect on 25 May 2018. It was amended on 01 January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.


It sits alongside and supplements the UK GDPR - for example by providing exemptions. It also sets out separate data protection rules for law enforcement authorities, extends data protection to some other areas such as national security and defence, and sets out the Information Commissioner’s functions and powers.


The ‘applied GDPR’ provisions (that were part of Part 2 Chapter 3) enacted in 2018 were removed with effect from 1 Jan 2021 and are no longer relevant. The processing of manual unstructured data and processing for national security purposes now fall under the scope of the UK GDPR regime.

To learn more about the General Data Protection Regulation, please visit the Information Commissioner’s Office website on

Below is a link to a short video which I hope will also explain things further for you:

We have updated our Pupil and Parent Privacy Notice and Data Protection Policy, which now replace the previous ones on our website.  See link here (Policies and Premiums Page).