As you may be aware, the regulations for Data Protection changed on the 25th May 2018, replaced by the General Data Protection Regulations (GDPR). This new regulation affects all schools, businesses, organisations and other establishments that use and process personal information.
What does GDPR mean for schools?
For schools, GDPR brings a new responsibility to inform parents and stakeholders about how they are using pupils’ data and who it is being used by.
Under GDPR, consent must be given to anything that isn’t within the normal business of the school, especially if it involves a third party managing the data. Parents (or the pupil themselves depending on their age) must give consent for the data to be used outside of the normal business of the school.
Schools must ensure that their third party suppliers who may process any of their data is GDPR compliant and must have legally binding contracts with any company that processes any personal data. These contracts must cover what data is being processed, who it is being processed by, who has access to it and how it is protected.
At Y Daith, we are required to hold a range of information about your child in order to support them during their time with us. This is for a variety of different reasons including supporting individual needs, monitoring the progress of individual pupils and securing the safety of our pupils.
The safe processing and ongoing protection of your child’s personal information is part of our aim of establishing effective safeguarding processes. We have a number of processes in place to ensure that the guidance outlined in the GDPR (2018) is fully implemented within the running of our school.