The General Data Protection Regulation (GDPR) is a European law which came into effect on the 25thMay 2018 and is the culmination of 4 years of deliberation on the changes of technology since the current data protection directive 1995 was enacted, as well as possible future technologies. If you consider that in 1995 we had Ceefax, telephone boxes, no internet and no social media, many things have changed, not least the reliance on sharing personal information for banking, e-commerce and social interaction thereby greatly increasing the potential risk to the individual.
All schools handle a large amount of personal data. This includes information on pupils, such as grades, medical information, images and much more including data on staff, governors, volunteers and job applicants.

What is personal data?
This data is already governed by existing DPA (Data Proctection Act) regulations, which ensure personal data is handled lawfully. However, the new GDPR has gone further and requires organisations (including schools) to document how and why they process all personal data.

What is GDPR exactly?
The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon. The EU’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection to individuals.

Please see our policies below:

Data Breach Management Policy CRPS NOV 18
Data Protection Policy CRPS NOV 18
Data Subject Rights Request CRPS NOV 18
Subject Rights Request Policy CRPS NOV 18

Privacy Notices

Privacy Notice – children (with pictures)
CRPS – Privacy Notice – Workforce
CRPS – Privacy Notice – parents.carers
CRPS – Privacy Notice – Governors

Please note this page is constantly being updated as of November 2018.