The General Data Protection Regulation (GDPR) will apply from 25 May 2018 and will affect the way that schools process people’s personal data. Its overall aim is to make sure that people's sensitive data is kept safe and secure. It's similar to the Data Protection Act (DPA) 1998 in many ways - most of the differences involve the GDPR building on or strengthening the principles of the DPA.
At the moment we are in the process of identifying an external Data Processing Officer who will ensure:
*If the DPO is external, all the requirements of Articles 37 to 39 apply to such a DPO. As stated in the Guidelines, when the function of the DPO is exercised by an external service provider, a team of individuals working for that entity may effectively carry out the DPO tasks as a team, under the responsibility of a designated lead contact and ‘person in charge’ of the client. In this case, it is essential that each member of the external organisation exercising the functions of a DPO fulfils all relevant.
We will continue to keep you updated over the forthcoming weeks and months with our progress to becoming fully “GDPR Compliant” but if you want further information please don’t hesitate to contact the school office.