GDPR or General Data Protection Regulation comes into effect on 25th May 2018 to replace the existing Data Protection in use in this country and across Europe. Recognising the weaknesses in the original data protection approach, partly due to emerging criminality, new technology such as smart phones and the impact of social media, ''Europe'' decided that the whole process needed changing and strengthening. Additionally, it had to be a standard across all 28 European countries.
How does this affect us?
Schools handle a large amount of personal data. This includes information on pupils, such as educational achievement, medical information, photographs and much more. Schools will also hold data on staff, governors, volunteers and job applicants. Additionally, schools handle what the GDPR refers to as special category data, which is subject to tighter controls. This could be race, ethnic origin or even trade union membership.
In terms of schools, and the education sector, there's going to be much more of a focus on data protection. In particular, this will be emphasised by decisions made by the senior leadership team when reviewing policies and bringing in new technology. The most significant difference between existing data protection and GDPR is the necessity to be able to prove compliance.
Who will this impact?
In simple terms, EVERYONE. In order for any school to obtain compliance, there is a need for full support by all staff, leaders, governors, parents and all third party partners. GDPR will impact on everything in some small way. Like safeguarding, this is a school wide priority, led by the senior leadership team. With training and support, all day to day activities identified can be adjusted to ensure that appropriate data protection becomes second nature to all.
The school will be required to employ a DPO (data protection officer). It is their responsibility to ensure that we are making every effort to be compliant with the regulations. That we communicate a clear message to all and that this is adhered to. The school must risk assess what is or is not within the scope of compliance and all parties MUST be prepared to follow protocols which schools sets.
Our schools DPO is Mrs L McKenna. If you have any concerns in relation to data protection or wish to make a subject access request, then this must be done in writing to firstname.lastname@example.org
Click the link below to download our Privacy notice. A copy of the full data protection policy is available on request from school.