On May 25th the General Data Protection Regulation came into effect across the EU. The GDPR is a piece of EU-wide legislation which determines how people’s personal data is processed and kept safe and outlines the legal rights individuals have in relation to their own data.
As public organisations, schools (and academies) are required to comply.
At Wateringbury Primary School, we started our GDPR journey in November 2017. We have:
Put a team together to work on compliance.
Made everyone in school aware of GDPR
Written an action plan.
Begun reviewing all of our data and documents.
We already have strong data protection policies in place but these now all need to be updated in line with GDPR. In addition to initial complicance with GDPR, we need to show a paper trail and how we are minimising risk and remaining compliant. This was never going to be a quick job!
The process of becoming and remaining fully GDPR compliant is ongoing because of the nature of school life and different data that we may feel is important to collect in the future.
We already highly value and protect all of our student, parents and staff data and will continue to do so in the presence of GDPR.
As a parent/carer you may receive some letters from us regarding GDPR. Some of those may be about consent and some about updating your information with us. We would appreciate it if you would read all information you receive and send back any relevant documents back to school.
For further information about GDPR please visit the ICO website.
The video below is a great overview of GDPR and how it affects schools and has been produced by GDPRiS to inform parents.