General Data Protection Regulation
On the 25th May 2018, the General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998. GDPR brings with it a new responsibility to inform parents and stakeholders about how we are using personal data and who it is being used by.
Attain Academy Trust is registered as a ‘Data Controller’ with the Information Commissioner’s Office (Reg. No. Z6544921).
Our Data Protection Officer is Mrs Ellwood
What does GDPR mean for the School?
GDPR requires schools to identify the lawful basis for processing and storing personal data, to audit information already held and to take a ‘data protection by design and default’ approach to personal data. It also introduces new individual rights relating to personal data.
At Rayne Primary School, we take our GDPR obligations seriously. We will ensure that your personal data is processed fairly and lawfully, is accurate, is kept secure and is retained for no longer than is necessary. Our pupils, parents, carers, staff, governance members and stakeholders have the right to be right to be informed, to object, to rectification, to erasure, to restrict processing and to data portability
A great deal of the processing of personal data undertaken by the school will fall under a specific legal basis ‘in the public interest’. As it is in the public interest to operate schools successfully, specific consent will not be required in the majority of cases in schools. Explicit consent must be given however to anything that isn’t within the normal business of the school, especially if it involves a third party.
The documents to the below detail how Rayne Primary School comply with GDPR:
- Privacy Notice for Pupils and Parents
- Privacy Notice for Workforce
- Privacy Notice for the Website
- Privacy Notice for Trustees and Governors
- Third Party Providers for Rayne Primary School