The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which determines how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
‘Personal data’ means information that can identify a living individual.
The regulation applies to all schools, and will apply even after the UK leaves the EU.
Main principles
The GDPR sets out the key principles that all personal data must be processed in line with.
Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed; accurate and kept up to date; held securely; only retained for as long as is necessary for the reasons it was collected
There are also stronger rights for individuals regarding their own data.
The individual’s rights include: to be informed about how their data is used, to have access to their data, to rectify incorrect information, to have their data erased, to restrict how their data is used, to move their data from one organisation to another, and to object to their data being used at all

Below are relevant documents to download which support the implementation of the GDPR. Please see the our Data Protection Policy June 2018 for further information which can be found under ‘policies’.

G Privacy Notice Pupils and Parents June 2018

H Privacy Notice for employees for workforce details June 18

I GDPR-compliant_consent_form_-_contacting_parents June 2018

K GDPR-compliant_consent_form_-_pupils_personal_data June 18

L GDPR-compliant_consent_form_-_staff_images June 2018

N Subject access request letter gdpr june 18