General Data Protection Regulation (GDPR)
Schools handle a large amount of personal data. This includes information on pupils, such as assessment data, medical information, images and much more. Schools will also hold data on staff, governors, volunteers and job applicants. Schools handle what the GDPR refers to as special category data, which is subject to tighter controls. This could be details on race, ethnic origin, or trade union membership.
This data is already governed by existing DPA regulations, which ensure personal data is handled lawfully. However, the new GDPR regulations requires organisations to document how and why they process all personal data, and gives enhanced rights to the individual.
Our Privacy Notices outline how and why we collect, store and share data and the lawful basis with which we do this.
Data Protection Impact Assessments
A Data Protection Impact Assessment (formerly known as a Privacy Impact Assessment) is a process designed to help us systematically analyse, identify and minimise the data protection risks of a project or plan. It is a key part of the school's accountability obligations under UK GDPR.