The General Data Protection Regulations (GDPR) are a set of guidelines for the collection and processing of personal information of individuals within the EU and is effective in the UK from 25th May 2018. The GDPR replace the Data Protection Act (DPA) 1998.
The GDPR increase the importance of data protection and emphasise accountability. As a school we employ a ‘privacy by design’ approach – thinking about how we use and manage data securely in everything we do. The emphasis on accountability means that as a school we have increased the amount of documentation we use to record procedures and issues.
All personal data, electronic and paper copies, are stored on our secure server or in locked cabinets in locked rooms with access restricted on a 'need to know' basis.
The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
If you click here you can visit the ICO’s GDPR website to read in depth information about all aspects of GDPR.
There are 6 key principles to the GDPR that the school is accountable for:
- There must be a lawful reason for collecting personal data and it must be done in a fair and transparent way.
- Data must only be used for the reason it is initially obtained.
- No more data than is necessary should be collected.
- Data has to be accurate and there must be mechanisms in place to keep it up to date.
- Data should not be retained for longer than is necessary.
- The protection of personal data must be upheld.
Coombe Road Primary School has developed a GDPR Data Protection Policy for all staff working in our school who are trained annually and must sign to agree to full compliance.
Our Information Governance Officer is Mr Scrase (Headteacher).
The school's Data Protection Officer is Data Protection Education.