On May 25th the General Data Protection Regulation will come into affect across the EU. The GDPR is a piece of EU-wide legislation which will determine how people's personal data is processed and kept safe and the legal rights individuals have in relation to their own data.
As public organisations, schools (and academies) are required to comply.
At Holy Trinity CE Primary School, we started our GDPR journey in February 2018.
- Put a team together to work on compliance.
- Made everyone in school aware of GDPR including governors and appointed a GDPR governor.
- Written an action plan.
- Begun reviewing all of our data and documents.
Holy Trinity already has strong data protection policies in place but these now all need to be updated in line with GDPR. In addition to comply with GDPR, we need to show a paper trail and how we are compliant. This is not going to be a quick job!
The process of becoming fully GDPR compliant will be long because it affects all aspects of the school.
General Data Protection Regulation – Parent/Carer information
We need to hold personal information about your child on our computer system and in paper records to help us with their educational needs. Your Headteacher is responsible for their accuracy and safe-keeping. Please help to keep your child’s records up to date by informing us of any change of circumstances.
School staff have access to your child’s records to enable them to do their jobs. From time to time information may be shared with others involved in your child’s care, if it is necessary. Anyone with access to your child’s records is properly trained in confidentiality issues and is governed by a legal duty to keep their details secure, accurate and up to date.
All information about your child is held securely and appropriate safeguards are in place to prevent accidental loss.
In some circumstances we may be required by law to release your child’s details to statutory or other official bodies, for example if a court order is presented, or in the case of public educational issues. In other circumstances you may be required to give written consent before information is released – such as the educational reports for insurance, solicitors etc.
To ensure your child’s privacy, we will not disclose information over the telephone or email unless we are sure that we are talking to you - the parent/carer. Information will not be disclosed to family and friends unless we have prior written consent and we do not leave messages with others.
You have a right to see your child’s records if you wish. Please ask at the school’s office if you would like further details. An appointment will be required. There is usually no fee payable.
We already highly value and protect all of our student, parents and staff data and will continue to do so in the presence of GDPR.
As a parent/carer you may receive some letters from us regarding GDPR. Some of those may be about consent and some about updating your information with us. We would appreciate it if you would read all information you receive and send back any relevant documents back to school.
For further information about GDPR please visit the ICO website.
The video below is a great overview of GDPR and how it affects schools and has been produced by GDPRiS to inform parents.
We have a Data Protection Officer (DPO), which is run by Staffordshire County Council. To contact them, please email: firstname.lastname@example.org
Last updated: November 2020