The General Data Protection Regulation (GDPR) is a European law which came into effect on the 25thMay 2018 and is the culmination of 4 years of deliberation on the changes of technology since the current data protection directive 1995 was enacted, as well as possible future technologies. If you consider that in 1995 we had Ceefax, telephone boxes, no internet and no social media, many things have changed, not least the reliance on sharing personal information for banking, e-commerce and social interaction thereby greatly increasing the potential risk to the individual.
All schools handle a large amount of personal data. This includes information on pupils, such as grades, medical information, images and much more including data on staff, governors, volunteers and job applicants.

What is personal data?
This data is already governed by existing DPA (Data Proctection Act) regulations, which ensure personal data is handled lawfully. However, the new GDPR has gone further and requires organisations (including schools) to document how and why they process all personal data.

What is GDPR exactly?
The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon. The EU’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection to individuals.

Please see our policies below:

CRPS Data Breach Management Policy

CRPS Data Breach Management Procedure

Making a data Subject Rights Request appendix 2 & 3 CRPS
Subject Rights Request Policy CRPS Nov 19

Privacy Notices

Privacy Notice – children (with pictures)
CRPS Privacy Notice – parents.carers

CRPS Privacy Notice – pupils

CRPS – Privacy Notice – Governors

CRPS Privacy Notice – Recruitment

CRPS – Privacy Notice – Workforce

Please note this page is constantly being updated as of November 2019.