Over Half Of All UK Schools Are ‘Not Fully Compliant With GDPR’

It’s a shocking statistic that in a recent survey it was found well over half of the schools, universities & colleges (surprisingly) are STILL NOT fully compliant with new data laws, almost a full year and a 1/2 after they came into force.

The RM Education & Trend Micro report also revealed that there is currently widespread concerns among schools that fines for breaching the  (GDPR) general data protection regulations would have a massive impact.

The GDPR rules, which took effect on 25th May 2018, governs how organisations such as schools handle personal data.

The survey of 156 schools and college across Great Britain highlighted a series of concerns:


  • 52 per cent believed they were not fully compliant with GDPR.  Versus 48 per cent who said they were.
  • 14 per cent admitted they did not have a clear plan to become GDPR compliant.
  • 39 per cent cited a lack of financial investment as the biggest challenge to complying with GDPR.
  • 79 per cent said financial fines for non-compliance would “significantly impact” them.
  • 75 per cent said accidental loss by staff was the biggest threat to data, while 19 per cent said cybercriminals.
  • 38 per cent said they had increased their IT spend as part of becoming GDPR ready.

Adnan Zaheer, Data Protection expert & CEO at Seers described the findings that half of schools and colleges are not fully GDPR compliant as “extremely concerning”.  “The risks are huge”

“Having a clear GDPR strategy in place to ensure all data is protected, and able to be deleted should a pupil or parent request it, is a vital component of data Protection and Compliance”

He noted that the report also indicates that schools are facing more demands for “transparency about data” since the introduction of GDPR.

Over 19 per cent of schools, universities & colleges say that staff, parents and pupils were “more”, and 5 per cent “significantly more”, demanding about how much of their personal data is being kept and where.

A Department for Education spokesperson said: “Schools are expected to appoint a data protection officer and have a range of policies and processes in place to enable them to be compliant with GDPR and the Data Protection Act 2018.”