Risley Lower Grammar

GDPR

A brief summary of the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

 

About Data Protection

 

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018, replace the Data Protection Act 1998. The core principles of the new Acts remain largely the same as the previous Act with a few key updates designed to reflect the changes in how we use personal data since the original DPA was written.

With these updates to the law come new requirements for data controllers and processors in terms of protecting people’s personal data and respecting their rights. The various updates and changes brought by GDPR can be categorised into three main step changes;

 

1.    Transparency - means telling people more about what we are doing with their personal data. This will largely happen in your updated Privacy Notice, which is the most outwardly visible sign of your compliance with the GDPR.

2.    Control - means giving people more control over what we do with their data. The GDPR gives people new rights, such as the right to erasure and the right to rectification. This should not impact too much on schools as they are not absolute rights. If you have a compelling reason to keep the records (such as a legal obligation) you are not required to erase all records relating to an individual.

3.    Accountability - while we have always been required to comply with the principles set out in the Data Protection Act, we must now comply and also be able to demonstrate how we comply with the principles set out In the GDPR. This means we must have a heightened awareness of the data processing activities we are involved in, know clearly what the legal basis for it is, and keep detailed records of it all to prove it.

 

Data Protection Framework for Schools - June 2024

 

1. Data Protection Policy - June 2024

2. Privacy Notice (Pupils) - June 2024

3. Privacy Notice (Workforce) - June 2024

4. School Guidelines on Records Retention Periods - June 2024

5. Social Media Policy - July 2024

6. Bring Your Own Device Procedure - June 2024

7. IT Security and Acceptable Use Policy - July 2024

8. Off Site Working Procedure - June 2024

9. CCTV Policy - not applicable

10. Privacy Notice (Governors) - June 2024

11. Special Category Data Policy - July 2024

12. AI Policy - not applicable

13. Remote Learning Policy - June 2024

DP Framework

 

Data Protection Officer:  Education Data Hub (GDPR for Schools), Derbyshire County Council

 

Privacy Notice - DfE School Attendance Data Collection