General Data Protection Regulation (GDPR)
On May 25th a new Regulation comes into force, the General Data Protection Regulation.
The aim of the Regulation is to make personal information even more confidential than it already is, under the current Data Protection act. The Regulation affects all countries in the European Union, but it will remain in British Law following Brexit.
In the United Kingdom the Information Commissioner’s Office will check that everyone is complying with the law.
The school has worked hard to ensure that we comply with the requirements of the Regulation, because we take your privacy seriously. We will include aspects of the GDPR in the IT and computing curriculum so that your children learn how to protect their privacy and online reputation in our highly technological world.
The school staff have had (or will soon have) training so that they are familiar with the requirements of the GDPR. Our documentation is ready so you will soon see the school issuing fresh privacy notices and acceptable use policies for families and pupils. Families will also see new letters requesting consent for some school activities, such as for the use of photographs. Please note that we have to have a reply to these letters, otherwise your child might miss out when you would actually prefer them to be included: we cannot just assume that you agree (or don’t agree)!
We have reviewed the security of all our IT systems and the storage of our paper records. If any companies or partner agencies have access to any school data then we are requiring them to confirm that they also comply with the GDPR.
After May and our data audit we will start using a new system to record school’s use of data. We will also be assessing how we collect and protect the most sensitive data to ensure security levels are as high as can be reasonably expected.