What is GDPR?
GDPR stands for General Data Protection Regulation.
The GDPR is Europe’s new framework for data protection laws that replaces the 1995 data protection directive. New regulations for GDPR start on 25th May 2018 and will be enforced by the Information Commissioner’s Office (ICO).
What does this mean for schools?
Schools handle a large amount of personal data. This includes information on pupils, such as grades, medical information, images and much more. Schools will also hold data on staff, governors, volunteers and job applicants.
Schools will also handle what the GDPR refers to as sensitive data, which is subject to tighter controls. This could be details on race, ethnic origin, biometric data or trade union membership.
What is personal data?
The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified.
This definition provides for a wide range ways in which a person can be identified including name, identification number, location data or online identifier.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.
Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Schools need to ensure data is-
- a) processed lawfully, fairly and in a transparent manner in relation to individuals;
- b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- d) accurate and, where necessary, kept up to date;
- e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
the controller (school) shall be responsible for, and be able to demonstrate, compliance with the principles.”
Below are the school policies that ensure that we adhere to these principles and are GDPR compliant.
Freedom of Information Act 2000
The classes of information available under the above scheme are:
- School Information (known as School Prospectus Information) – information published in the school prospectus and on the school website.
- Governors’ Documents – information published about the school profile (such as on “Get Information About Schools”) and in other governing body documents.
- Pupils & Curriculum – information about policies that relate to pupils and the school curriculum.
- School Policies and other information related to the school - information about policies that relate to the school in general.
The scheme covers information already published and information, which is to be published in the future. All information in our publication scheme is available in paper form.
This publication scheme conforms to the model scheme for schools approved by the Information Commissioner.
If you require a copy of any of the documents within the scheme, please contact the school by letter. If your request means that we have to do a lot of photocopying or printing, or pay a large postage charge, we will let you know the cost before fulfilling your request.
Our Data Protection Officer is Tim Pinto and his contact details are-
The E-safety Office