What is the GDPR?
The GDPR is a set of guidelines for the collection and processing of personal information of individuals within the EU and is effective in the UK from 25 May 2018 – replacing the Data Protection Act (DPA) 1998.
Accountability and governance
Under the GDPR, schools are expected to have comprehensive and proportionate governance measures in place to minimise the risk of data breaches.
Schools should:
- Implement internal data protection policies, e.g. staff training
- Maintain relevant documentation and processing activities.
- Appoint an appropriate DPO.
- Implement measures that meet the principles of data protection by de-fault, including data minimisation and transparency.
- Use data protection impact assessments where appropriate.
Please contact Mrs Sophie Howes, the Responsible Officer for more information.
Please click on the links below for more information regarding GDPR.