General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and affects the way that schools process people’s personal data. Its overall aim is to make sure that people's sensitive data is kept safe and secure.
The new regulation is about protecting people in the modern information age.
It gives more control to individuals and more responsibilities to organisations which collect and hold your data.
‘Personal data’ means information that can identify a living individual.
The GDPR sets out the key principles that all personal data must be processed in line with.
Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed; accurate and kept up to date; held securely; only retained for as long as is necessary for the reasons it was collected.
There are also stronger rights for individuals regarding their own data.
The individual’s rights include: to be informed about how their data is used, to have access to their data, to rectify incorrect information, to have their data erased, to restrict how their data is used, to move their data from one organisation to another, and to object to their data being used at all.
St Peter’s Privacy Consent Notice and St Peter’s GDPR Data Protection Policy