What is GDPR?
The General Data Protection Regulation (GDPR) is a new EU law that will come into effect on 25 May 2018 to replace the current Data Protection Act (1998). It is the biggest overhaul of data protection legislation for over 25 years, and will introduce new requirements for how organisations process personal data.
It is focused on looking after the privacy and rights of the individual and based on the premise that consumers and data subjects should have knowledge of the lawful basis for processing their data, what data is being held about them, how it is held, how it will be used, why it will be used, how long it will be held for and whether or not this information will be exported elsewhere for use by another organisation.
What information does this relate to?
'Personal data' is any information from which a person can either directly or indirectly be identified.
'Personal data' is data on any living person including pupils, parents, staff, governors, contractors, university students etc.
What are we doing?
As a school we will ensure that data we hold is accurate and kept up to date.
We will ensure that we only keep data for as long as is required. The length of time we keep documents can be found within our Data Retention Policy.
We will ensure we inform the data subject of the length of time the information will be kept.
We will inform data subjects why we will use the data.
We will inform data subjects how we will use the data.
We will inform data subjects if their data will be used by a third party.
We will inform data subject what we will do with their data once we no longer require it.
We will identify the lawful basis for processing data (unless an exemption or derogation applies).