The lastest March 2019 Governance Handbook for Academies, Multi Academy Trusts and Maintained Schools is now published.
GDPR- The GDPR will come into force as from May 25th 2018 and many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA), so if you are complying properly with the current law then most of your approach to compliance will remain valid under the GDPR and can be the starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently.
The Information Commissioner's Office (ICO) has produced guidance which is well worth reading so as to be sure that your school is compliant with the new regulations.
The 'twelve steps to take now' guidance referred to above can be found here: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
An 'at-a-glance' guide and checklist about GDPR can be found here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/documentation