GENERAL DATA PROTECTION REGULATION (GDPR)
On 25 May 2018 the General Data Protection Regulation (GDPR) replaced the Data Protection Act 1998.
The Grange Community Primary School collects, holds and uses a great deal of information about individuals, particularly pupils and adults connected with the school. Under the Regulation (EU) 2016/679 (General Data Protection Regulation), data about living individuals is known as personal data. The regulation puts in place numerous safeguards for the use of data about individuals.
Under the GDPR, the data protection principles set out the main responsibilities for organisations: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/
The Grange Community Primary School has a statutory duty to comply with the requirements of the GDPR as it collects data about pupils and adults associated with the school for school business. The school is also required to produce a privacy notice explaining how information is collected and processed.
Information about your rights under GDPR can be found on the Information Commissioner’s website.
All of the information we hold on individuals follows the six key principles:
Fair, lawful and transparent
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary
Accurate, and where necessary, kept up to date
Kept in a form which permits identification for no longer than is necessary
Processed in a manner that ensures appropriate security.
If you have any questions, concerns or would like more information about anything mentioned above, please contact Ms B Boswell (Headteacher).