What is GDPR?
This refers to the General Data Protection Regulation which superseded the Data Protection Act 1998, on 25 May 2018.
The legislation is designed to ‘harmonise’ data privacy laws across Europe, as well as give greater protection and rights to individuals. Within the GDPR there are large changes for the public, as well as businesses and bodies that handle personal information. In essence, it is about protecting personal data and how it is used. It gives individuals greater control and say over how their personal data is used.
GDPR defines personal data as:
Any information relating to an identified or identifiable person (known as a Data Subject).
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an ID number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
What data we hold and who we share information with:
Specific Consent - Photographs & Video Recordings:
The school requires specific consent before taking photographs or video recordings for purposes which are not part of its core activities ie website, promotional material etc.
Requesting Access to Personal Data
Under data protection legislation, parents have the right to request access to information held about themselves and their children under the age of 16. To make a subject access request for yourself or your child(ren)'s personal information please contact the school office.
Golden rules of handling personal data
Don’t share your passwords.
Lock away your papers when you are away from your desk.
Lock your computer/laptop/tablet whenever you leave it (CTRL, ALT, Delete).
Be aware when sharing personal data – ask is it necessary, what, why, how.
Don’t work with personal data on personal devices that are not encrypted.
Use E Services / Cloud W system to access your emails and documents.
Incidents happen! Tell us when things are lost, stolen or shared by mistake.
Using the reporting procedure means we can help you take the right action.
Do not keep personal data longer than you need it – follow the school’s retention guidance (available from the school office).
Dispose of personal data with care – shred it or take it to the office for the confidential shredding bags
Data Protection GDPR Policy
Please click here to view our Data Protection GDPR Policy on our School Policies page.