What is the General Data Protection Regulation? (GDPR)
On 25th May 2018, the UK's Data Protection Act 1998 was replaced by a new law called the GDPR (the EU General Data Protection Regulations 2016).
This law governs how we collect, use and share people's information and provides greater rights to individuals and control over how their information is handled by organisations, including schools.
It is in place to give data subjects control of their data and gives organisations processing that data more responsibilities in relation to how they collect, process, store, share and destroy data.
We hold a great deal of data - not only about pupils, but also staff, parents, volunteers, visitors, suppliers and other 'data subjects'. GDPR requires us to not only minimise any risks to the unauthorised access and loss of personal data within school, but also provide evidence and documentation of our processing activity.
In order to demonstrate our commitment to GDPR compliance we are doing the following:
- Documenting and processing activity; including ensuring we have a lawful basis for processing
- Auditing this processing and identifying and creating an action plan to mitigate any risks to personal data
- Documenting the compliance of third-party providers and reviewing contracts to ensure compliance with GDPR
- Ensuring that we have processes and procedures in place to ensure the rights of data subjects
- Reviewing the technical and organisational measures in place to protect data
- Training staff on GDPR and our data handling processes - including Governors.
The process of becoming fully GDPR compliant will take some time because it affects all aspects of the school. Whilst there will be changes, we are committed to ensuring that there is no negative impact on teaching and learning and the welfare of pupils and staff.
As a parent or carer, you may receive some letters from us regarding GDPR. Some of those may be about consent and some about updating your information with us. We would appreciate it if you would read all information you receive and send back any relevant documents back to school.
You have a right to be informed about how the school uses personal data about your child. We comply with this right by providing 'privacy notices' to individuals where we are processing their personal data.
We are required by law, to provide information about our pupils to the Department for Education (DfE) as part of statutory data collections such as the school census and early years' census. Some of this information is stored on the National Pupil Database (NPD). The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the DfE, for the purpose of data collections, click here.
If in the meantime you would like to know more about the GDPR and your rights, please visit the UK's data protection regulator, the Information Commissioner's Office at www.ico.gov.uk