The General Data Protection Regulation (GDPR) is an EU law that came into effect on 25 May 2018.
It replaced the current Data Protection Act 1998 and the changes remain in place even though the UK has left the EU.
GDPR gives individuals greater control over their own personal data.
GDPR condenses the Data Protection Principles into six areas, referred to as the Privacy Principles. They are:
You must have a lawful reason for collecting personal data and must do it in a fair and transparent way.
You must only use the data for the reason it is initially obtained.
You must not collect any more data than is necessary.
It has to be accurate and there must be mechanisms in place to keep it up to date.
You cannot keep it any longer than needed.
You must protect the personal data.
Our commitment: “We already highly value and protect all of our pupil, parents, and staff data and will update our practices and procedures to keep up-to-date with current data protection regulations.”
Data Protection Officer: Patrick Aikman
For further information about GDPR please visit the ICO website.