The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. The new regulations bring higher standards for handling personal data and greater expectations for improved transparency, enhanced data security and increased accountability for processing personal data.
Ravenscliffe High School and Sports College has a legal duty to comply with the requirements of the GDPR. The legislation brings with it the responsibility to inform parents and stakeholders about how we are using pupils’ data and who it is being used by.
What does GDPR mean for schools?
A great deal of the processing of personal data undertaken by the school falls under the specific lawful basis of ‘public task’. It is the schools task to operate successfully and it will mean that specific ‘consent’ will not be needed in the majority of cases in schools.
Complying with the requirements of GDPR will ensure personal data is protected, will give individuals more control over their data, and the school will have greater ‘accountability’ for the data.
The school must ensure that their third party suppliers who may process any of their data are GDPR compliant.
It is a requirement that data breaches which are likely to have a detrimental effect on the data subject are reported to the Information Commissioners Office (ICO), the regulator for all matters relating to data protection within 72 hours of discovery.
Here at Ravenscliffe High School and Sports College we have always valued and protected our student, parents and staff personal data and continue to do so in the presence of GDPR.
The school has an appointed Data Protection Officer (DPO) :
The Crossley Heath School,
Our DPO is Jonathan Lees and is contactable via 01422 360272.
01422 360272 Further information about the legislation can be found on the ICO website at www.ico.org.uk