General Data Protection Regulation
What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data. It will apply from 25 May 2018 to organisations that process or handle personal data, including schools.
The full General Data Protection Regulation has been published by the Council of the EU and the UK will be implementing the GDPR despite its intention to leave the EU.
GDPR ICO REGISTRATION NUMBER IS:
check our details on the ICO website (click here)
GDPR DATA PROTECTION OFFICER IS:
SPS DPO Services
Please read our Privacy Notices below:
The legal basis for processing data
The majority of the processing of personal data within a school falls under the basis of it being in the ‘public interest’ as it is in the public interest that we operate schools and educate our children. This would include, for example, storing personal and academic information about our pupils, their parental contact details, their attendance record, the annual census requirements and medical information.
However, there will be occasions when we need to receive consent from parents/carers in order to process a child’s data and the GDPR has brought in stricter rules around consent. Consent for processing someone’s personal data must be freely given, specific, informed and unambiguous, and a positive affirmation of the individual’s agreement.
Therefore, there are a number of situations in which we need to gain written consent from parents. One of these is consent around the use of photos.