The General Data Protection Regulation (GDPR) is a new EU law that came into effect on 25 May 2018. It replaces the current Data Protection Act 1998 and the changes remain in place even after the UK left the EU in 2019. GDPR gives individuals greater control over their own personal data.
GDPR condenses the Data Protection Principles into six areas, referred to as the Privacy Principles.
1. You must have a lawful reason for collecting personal data and must do it in a fair and transparent way.
2. You must only use the data for the reason it is initially obtained.
3. You must not collect any more data than is necessary.
4. It has to be accurate and there must be mechanisms in place to keep it up to date.
5. You cannot keep it any longer than needed.
6. You must protect the personal data.
These privacy principles are supported by a further principle – accountability. This means the setting must not only do the right thing with data but must also show that all the correct measures are in place to demonstrate how compliance is achieved.
We keep data about all individuals secure and aim to protect data against unauthorised change, damage, loss or theft. All data collected is only accessed by authorised individuals. All paper forms are kept locked away and all computers and tablets are password protected.
Any data we receive will be kept confidential and then correctly disposed of once it is no longer needed.
All parents are provided with privacy notices which inform them of our procedures around how and why we collect data, information sharing, security, data retention, access to their records and our commitment to compliance with GDPR 2018.