Data Protection and GDPR
The General Data Protection Regulation came into force in May 2018 and is based on data protection principles that our school must comply with. The principles say that personal data must be:
Our school aims to ensure that all personal data collected about staff, pupils, parents, governors, visitors and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the provisions of the Data Protection Act 2018 (DPA 2018).
How we do this is explained in our Data Protection Policy and our Privacy notices, all of which are available at the bottom of this page. Our Data Protection Policy applies to all personal data, regardless of whether it is in paper or electronic format.
Our policy meets the requirements of the GDPR and the provisions of the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO) on the GDPR and the ICO’s code of practice for subject access requests.
It meets the requirements of the Protection of Freedoms Act 2012 when referring to the use of biometric data. It also reflects the ICO’s code of practice for the use of surveillance cameras and personal information.
In addition, our policy complies with regulation 5 of the Education (Pupil Information) (England) Regulations 2005, which gives parents the right of access to their child’s educational record.