You may have heard a lot about 'GDPR' in the news, which stands for 'The General Data Protection Regulation'. This is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
‘Personal data’ means information that can identify a living individual.
The regulation will apply to all schools from 25 May 2018, and will apply even after the UK leaves the EU.
The GDPR is similar to the Data Protection Act (DPA) 1998 (which schools already comply with), but strengthens many of the DPA’s principles including informing Parents and children about the school's legal basis for processing personal information, how we store that personal information and how we keep it safe.
The Privacy Statement
This statement allows students and parents to understand these six points:
- Contact details of the school and the Data Protection officer
- What personal data the school processes
- Why the school processes the personal data
- With whom the personal data is shared
- How personal data will be stored
- The rights of the individual
Record Retention Schedule 2020
Privacy Notice for Schools September 2020