The General Data Protection Regulation (GDPR) is legislation designed to strengthen the rights of Data Subjects (individuals who are the subject of personal data) with regard to how their personal data is processed and used. In the UK, GDPR replaces the Data Protection Act (1998) and has been enforced since Friday May 25 2018.
As a school, we have already taken significant steps towards GDPR compliance. These include:
- Re-development of a number of forms (e.g. data collection, home-school agreement, image use, Vericool) to ensure they are GDPR compliant.
- Revision to our IT Acceptable Use Policy for staff and students.
- Whole-staff training and awareness of GDPR within school.
- Encryption of all staff laptops and external storage such as USB sticks. This means any data on external hard disks and USB sticks remains secure in the event of loss or theft.
- Option to encrypt outgoing e-mails from the school that contain sensitive data. This helps ensure any e-mail and attachments containing sensitive personal information can only be seen and read by the intended person.
- Completion of a full data audit and review.
The above is not an exhaustive list and our school is continuing to review and update policies and procedures to ensure full compliance with GDPR.
The Data Protection Officer for our school can be reached via the following e-mail address: DPO@saintgeorgescofe.kent.sch.uk.