Menu
Home Page

GDPR

GDPR - The General Data Protection Regulation

 

GDPR is not new - we have always worked under the Data Protection Act, but it has been reviewed and updated under the title of GDPR.

 

The GDPR is a piece of EU-wide legislation which will determine how people's personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.

 

'Personal Data' means information that can identify a living individual.

 

The regulation will apply to all schools from 25 May 2018, and will apply after the UK leaves the EU.

 

Main Principles

 

The GDPR sets out the key principles that all personal data must be processed in line with.

 

* Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed; accurate and kept up to date; held securely; only retained for as long as is necessary for the reasons it was collected.

 

There are also stronger rights for individuals regarding their own data.

 

* The individual's rights include: to be informed about how their data is used, to have access to their data, to rectify incorrect information, to have their data erased, to restrict how their data is used, to move their data from one organisation to another, and to object to their data being used at all.

 

 

New Requirements

 

The GDPR is similar to the Data Protection Act (DPA) 198 (which schools already comply with), but strengthens many of the DPA's principles.

 

These are the main changes:

* Schools must appoint a data protection officer, who will advise on compliance with the GDPR and other relevant data protection law

 

* Privacy notices must be in clear and plain language and include some extra information - the school's lawful basis for processing the individual's rights in relation to their own data

 

* Schools will only have a month to comply with subject access requests, and in most cases can't charge

 

* Where the school needs an individual's consent to process data, this consent must be freely given, specific, informed and unambiguous

 

* There are new, special protections for children's data with regard to online services

 

* The Information Commissioner's Office must be notified within 72 hours of a data breach

 

* Schools will have to demonstrate how they comply with the new law

 

* Schools will need to carry out a data protection impact assessment when considering using data in new ways. or implementing new technology to monitor pupils

 

 

 

Parent guide to Subject Access Request

Privacy Notices & Consent Forms -JPS Specific

Top

Cookies

Unfortunately not the ones with chocolate chips.

Our cookies ensure you get the best experience on our website.

Please make your choice!

Cookies

Some cookies are necessary in order to make this website function correctly. These are set by default and whilst you can block or delete them by changing your browser settings, some functionality such as being able to log in to the website will not work if you do this. The necessary cookies set on this website are as follows:

Website CMS

A 'sessionid' token is required for logging in to the website and a 'crfstoken' token is used to prevent cross site request forgery.
An 'alertDismissed' token is used to prevent certain alerts from re-appearing if they have been dismissed.
An 'awsUploads' object is used to facilitate file uploads.

Matomo

We use Matomo cookies to improve the website performance by capturing information such as browser and device types. The data from this cookie is anonymised.

reCaptcha

Cookies are used to help distinguish between humans and bots on contact forms on this website.

Cookie notice

A cookie is used to store your cookie preferences for this website.

Cookies that are not necessary to make the website work, but which enable additional functionality, can also be set. By default these cookies are disabled, but you can choose to enable them below: