GDPR and Data Protection
Data Protection Regulations
The General Data Protection Regulation (GDPR) comes into effect on 25th May 2018.
It will bring higher standards for handling data and will determine how people’s personal data is processed and kept safe.
GDPR is a piece of EU-wide legislation and schools have a legal duty to comply with the regulation.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which schools already comply with), but strengthens many of the DPA’s principles.
The main changes are:
- Schools must appoint a Data Protection Officer and be able to prove that they are
- Privacy notices must be in clear and plain language showing the school’s ‘legal basis’ for processing and the individual’s rights in relation to their own data
- Where the school needs an individual’s consent to process data, this consent must be freely given, specific, informed and unambiguous
- Schools will only have a month to comply with subject access requests, and in most cases they cannot charge
- It will be compulsory that all data breaches which are likely to have a detrimental effect on the data subject are reported to the Information Commissioner’s Office within 72 hours.
Please read our privacy notice, which explains how we handle pupil information, what rights you have and how to exercise them, and our policies around this.
If you would like to know more about the GDPR and your rights, please visit the UK’s data protection regulator, the Information Commissioner’s Office, at www.ico.gov.uk.
Should you have any queries regarding the GDPR and our school, please email us at firstname.lastname@example.org
Data Protection Policy