The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which determines how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data. The regulation came into force on 25th May 2018.
The GDPR is similar to the DPA, but strengthens many of its principles. The main changes are:
- Data Protection Office appointed, who will advise on compliance with the GDPR and other relevant data protection law
- Privacy notices must be in clear language and include some extra information (the school’s legal basis for processing, and the individuals rights in relation to their own data
- Schools will have a month to comply with subject access requests, and in most cases can’t charge
- Where the school needs an individual’s consent to process data, this consent must be freely given, specific, informed and unambiguous
- New special protections for children’s data
- The Information Commissioner’s Office must be notified within 72 hours of a data breach
- Schools will have to demonstrate how they comply with the new law
- Schools will need to carry out a data protection impact assessment when considering using data in new ways, or implementing new technology to monitor pupils.
- Higher fines for data breaches.
Our Data Protection Officer: Sian Durrant
Landline: 01473 260741