Data Protection Reform (GDPR)

25th September 2017

The General Data Protection Regulation (GDPR) will apply in the UK with effect from 25 May 2018. Whilst the principles are broadly similar to the current Data Protection Act, the GDPR provides greater transparency and accountability with regard to the collection, processing and use of personal data. Personal data is defined as any information that can identify a living individual and includes information held in manual and electronic formats.

Schools will be required to inform parents, visitors and staff of the reasons why personal data is collected, how it will be used and how long it will be retained. In addition, schools will need to identify a legal reason for processing data. Personal data in the school environment will include pupil records, contact details of parents/ guardians, staff personal records and CCTV images.

Particular attention will need to be paid as to how data is stored and disposed of and the security of ‘data on the move’, e.g. as result of home working. Simple steps to protect data can be taken such as ensuring all school laptops and memory sticks are encrypted.

For more details about the GDPR please see the Information Commissioner’s Office (ICO) website https://ico.org.uk , which contains a number of valuable resources such as information specifically for the education sector including a useful webinar, a self-assessment toolkit and guidance on preparing for the GDPR (12 steps to take now).