What is GDPR?

GDPR stands for General Data Protection Regulation. It has been developed by the European Parliament, with the aim of strengthening and standardising data protection laws for individuals within the European Union.

It is designed to simplify and unify data protection laws across all countries in the EU (including UK even after Brexit).

The regulation is enforceable from 25 May 2018, at which point businesses need to ensure they are fully compliant.

What data is covered by GDPR?

GDPR applies to ‘personal data’ and ‘sensitive personal data’, but not to ‘business data’;

Peraonal Data is any information that allows a person to be directly or indirectly identified. The obvious fields of “personal data” are names and identity numbers, but factors such as location and online identifiers (e.g. also count under the ICO definition.

Our Commitment to GDPR

Data is very important to our school. It has therefore always been essential that our data is both accurate and sensitively handled in accordance with best practice.

Schools by their very nature process a lot of personal data. This data can be very sensitive in nature, detailing medical as well as other aspects such as attainment and performance. Our main driver in terms of data security is the interest of the data subject, the person about whom we hold data. Schools are no different to other institutions and must make sure that policies and procedures are created and adhered to. They also have the responsibility to train and support staff in applying data security practices.
All schools must have policies and procedures to inform staff what to do. One of the statutory policies is a Data Protection Policy. Schools also must publish Privacy notices for both parents and the workforce detailing what information they store and who they have approved to process the data. All schools will also have an Online Safety Policy that will give guidance as to how staff will use technology and this will be linked to an Acceptable User Policy (AUP).

At Herne View Church of England Primary the following people have key responsibility for data protection:

Data Protection Lead – Claire Oaten, Headteacher

Data Protection Officer – Amy Brittain (County Council)

Data Protection Governor Lead – Guy Adams, Chair of Governors

Should you have any concerns regarding data protection please speak to the school office who will forward these to the Data Protection Lead.​


The ICO guidance on GDPR


GDPR Documents: