What is GDPR?
GDPR stands for General Data Protection Regulation. It has been developed by the European Parliament, with the aim of strengthening and standardising data protection laws for individuals within the European Union.
It is designed to simplify and unify data protection laws across all countries in the EU (including UK even after Brexit).
The regulation is enforceable from 25 May 2018, at which point businesses need to ensure they are fully compliant.
What data is covered by GDPR?
GDPR applies to ‘personal data’ and ‘sensitive personal data’, but not to ‘business data’;
Peraonal Data is any information that allows a person to be directly or indirectly identified. The obvious fields of “personal data” are names and identity numbers, but factors such as location and online identifiers (e.g. firstname.lastname@example.org) also count under the ICO definition.
Our Commitment to GDPR
Data is very important to our school. It has therefore always been essential that our data is both accurate and sensitively handled in accordance with best practice.
Schools by their very nature process a lot of personal data. This data can be very sensitive in nature, detailing medical as well as other aspects such as attainment and performance. Our main driver in terms of data security is the interest of the data subject, the person about whom we hold data. Schools are no different to other institutions and must make sure that policies and procedures are created and adhered to. They also have the responsibility to train and support staff in applying data security practices.
All schools must have policies and procedures to inform staff what to do. One of the statutory policies is a Data Protection Policy. Schools also must publish Privacy notices for both parents and the workforce detailing what information they store and who they have approved to process the data. All schools will also have an Online Safety Policy that will give guidance as to how staff will use technology and this will be linked to an Acceptable User Policy (AUP).
At Greenfylde the following people have key responsibility for data protection:
Data Protection Lead – Claire Oaten, Headteacher
Data Protection Officer – Amy Brittain (County Council)
Data Protection Governor Lead – Guy Adams, Chair of Governors
Should you have any concerns regarding data protection please speak to the school office who will forward these to the Data Protection Lead.
- Data Asset Audit March 2021 Greenfylde May 2021
- Greenfylde FoI Publication Scheme and Explanatory Note 2021
- Greenfylde Model Data Protection and FoI Policy January 2021
- Greenfylde eLIM online safety policy v3 May 2021
- eLIM - Model CCTV Policy adopted Greenfylde October 2020
- eLIM Privacy Notice Governors Maintained Sept 2021 adopted by Greenfylde School
- eLIM Privacy Notice Pupils and Parents Maintained Sept 2021 adopted Greenfylde School
- eLIM Privacy Notice Recruitment Maintained Sept 2021 adopted by Greenfylde School
- eLIM Privacy Notice Workforce Maintained Sept 2021 adopted by Greenfylde school