On the 25th May 2018 The General Data Protection Regulation (GDPR) came into force to organisations that process or handle personal data, including schools.

It is similar to the Data Protection Act (DPA) in many ways. Most differences involve the GDPR building on or strengthening the principles of the original DPA.

Why was it introduced?

Databases are easily accessed, searched and edited and with more and more organisations (including schools) storing information on computer to store and process personal information. With this comes the likelihood of this information ending up in the wrong hands, which is exactly why the DPA was introduced.

What is the General Data Protection Regulation (GDPR)?

To put it simply, the GDPR is a new data protection regulation designed to strengthen and unify the safety and security of all data held within an organisation.

How we will prepare for the GDPR

  • Awareness: make people in our school aware of the GDPR and how it will affect us
  • Information: Audit information we currently hold and what Data Processing policies are currently in place
  • Privacy: Ensure we have an up to date privacy agreement
  • Rights: check our current privacy policies to ensure our procedures cover all the rights individuals have
  • Consent: review how we are seeking, obtaining and recording consent for data processing
  • Breaches: Make sure we have procedures in place to investigate and report any personal data breach
  • Pupils: Think about what systems we’re going to put in place to verify the age of individuals and to gather consent from parents or guardians in regards to data processing
  • Officers: Designate a Data Protection Officer to take responsibility for data compliance

Data protection policy Nov 18

St Gregory’s Privacy Notice

St Gregory’s security policy

Use of Images policy

Our Data Protection Officer is:

Mrs Pauline Guy

Business Manager

She can be contacted on the school number 01258 820206