The General Data Protection Regulation (GDPR) came into effect on the 25th May 2018 and works in conjunction with the Data Protection Act 2018. It sets guidelines for the collection and processing of personal information from individuals. Essentially, the rule is that personal information shared is necessary for the purpose of sharing it, only with those people who need to have it, shared in a timely manner, is accurate and shared securely.
As a school, we have reviewed and developed our approach to ensure we are compliant. Our data protection policies and procedures have been updated, privacy notices for staff, volunteers and families and a new retention schedule introduced.
We have also put in place several protective measures to ensure personal data is protected:
All pupil and staff personal data is stored on the school Management Information System which is password protected, and access is limited to a need to know basis
No portable USB sticks or hard drives are permitted within school, and no personal data is removed off the school site.
All visitors and staff use a digital sign in system, which ensures that no personal information is visible to other visitors.
Data is retained in accordance with the Information Commissioners Office (ICO) guidelines. The ICO is the UK’s independent authority set up to uphold information rights in the public interest.