Everything you need to know about GDPR

June 13th, 2017

The New General Data Protection Regulation (GDPR)

What is GDPR?

The GDPR, which stands for General Data Protection Regulation, will give individuals more control over how their personal information is used and give companies a clearer, simpler policy to follow. The ways in which data is used have moved on since the Data Protection Act of 1998 was introduced.

Who is responsible for data protection in my school?

Each school should have a designated Data Protection Officer. MATs can appoint one Officer to act across the trust.

How long should my school keep data for?

There are no hard and fast rules regarding the keeping of personal data, only that once it has been used for the purpose of its collection it should then be deleted. The only overriding rule will be if the data needs to be kept because of a requirement by law.

However, it is worth bearing in mind that an individual has the right to have their personal data deleted if there is no legal requirement to keep it.

How does this affect my school? 

Schools should already be working in line with the current Data Protection Act, so implementing the new regulation should not be as onerous as it sounds, because it builds on the current Data Protection Act requirements.

However, it is easy to become complacent where Data Protection is concerned, and therefore it is essential to plan your approach to GDPR compliance early and to get key staff in your school on board.

Below are a few simple steps your school can take to ensure you are getting ready to comply with the GDPR:

  1. Review your Privacy Notice, which should be clearly displayed on your school’s website and somewhere in the building, to make sure you have added the GDPR requirements. These include explaining the lawful basis on which your school is processing data, your data retention periods and an individual’s right to contact the Information Commissioner’s Office if they have concerns about the way you are handling their data.
  2. Ensure there is clear documentation to explain how you process data, who has access to it, whether the data is shared and, if so, with whom. Some of this information will be contained in the Privacy Notice. Your school needs to be able to produce documentation showing how you keep control of the data. A lot of schools will have this information in one form or another and the key is ensuring that this information links up, is kept centrally and staff understand their roles and responsibilities.
  3. Explain clearly how your data is kept secure, naming your Data Protection Officer, how access rights to the data are given and where the data is stored.


Further information can be found at the Information Commissioner’s Office website: https://ico.org.uk/

If you have a query about this article, please do contact enquiries@croydon.peachpreview.co.uk. We will be providing further guidance and training about GDPR over the coming months.