General Data Protection Regulation (GDPR)

The GDPR becomes law on 25th May 2018.

An overview of the main changes under GDPR and how they differ from the previous directive

The school has been working to ensure that all its practices relating to data protection are compliant with the new laws, this has included:

  • Conducting a self-assessment of readiness for GDPR.
  • Reviewing all documentation from Gov.UK, ICO, IRMS Toolkit.
  • Completion of an in-depth audit, checked by CEFM (our HR provider), of all data processing in the school.
  • Attendance at training for GDPR readiness.
  • All staff have completed on-ine GDPR level 2 training.
  • Reissue of letters for photography of children.
  • Reissue of Privacy Notices for anyone associated with the school.
  • Issue of OPT-IN email for information about the school.
  • Fortnightly meetings to work through the 12 steps to the GDPR.
  • Information for staff, governors and parents in letters, meetings and emails.
  • Review of contracts with our suppliers.
  • Requests of privacy notices from all our IT providers, e.g. Parentmail, ParentPay, IT hosting, CPOMS, SIMS etc.
  • Review of policies: Data Protection; CCTV; Freedom of Information

The school information sharing tree below has some useful links to the school’s GDPR information.