Senior leaders should be sufficiently aware of the content of GDPR and the Data Protection Act in order to ensure schools have the right things in place to be compliant. As per the Data Protection Act 2018, it is your legal duty to protect the personal data of your students, staff, and visitors. Any establishment that collects personal data (e.g. names, addresses, dates of births, etc) has a legal responsibility to ensure that information is gathered, processed, and stored securely. If your school is found to breach GDPR rules, you may face a hefty fine and a visit from the Information Commissioner’s Office.