General Data Protection Regulation (GDPR)
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union.
The GDPR aims primarily to give all EU citizens back control of their personal data, and it is intended to strengthen and unify data protection for all individuals within the European Union.
When the GDPR takes effect, it will replace the 1995 Data Protection Directive. It becomes enforceable from 25 May 2018.
What does the GDPR mean for Schools?
The GDPR applies to all organisations including schools.
It is focused on looking after the privacy and rights of the individual, and is based on the premise that consumers and data subjects should have knowledge of what data is held about them and how it is used.
All schools must have a designated Data Protection Officer (DPO). The DPO for our school is Mrs Sophie Hanson.
The Six Principles of the GDPR
The GDPR requires that data should be:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specific, explicit and legitimate purposes only;
- Adequate, relevant and limited to its stated purposes only;
- Accurate and kept up to date;
- Kept in a form which permits the identification of data subjects for no longer than is necessary;
- Processed in a manner that ensures appropriate security of the personal data.
The school is responsible for and must be able to demonstrate compliance with these principles.
The documents below support and explain our policies and procedures relating to GDPR.