General Data Protection Regulation (GDPR)
What is the GDPR?
The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union.
The GDPR aims primarily to give control back to all EU citizens of their personal data and it is intended to strengthen and unify data protection for all individuals within the European Union.
When the GDPR takes effect, it will replace the 1995 Data Protection Directive. It becomes enforceable from 25 May 2018.
What does the GDPR mean for Schools?
The GDPR applies to all organisations including schools.
It is focused on looking after the privacy and rights of the individual and is based on the premise that consumers and data subjects should have knowledge of what data is held about them and how it is used.
All schools must have a designated Data Protection Officer DPO. The DPO for the Tonbridge Federation is Matthew Harris (Senior Deputy Headteacher).
The Six Principles of the GDPR:
The GDPR requires that data should be:
Processed lawfully, fairly and in a transparent manner;
Collected for specific, explicit and legitimate purposes only;
Adequate, relevant and limited to its stated purposes only;
Accurate and kept up to date;
Kept in a form which permits the identification of data subjects for no longer than is necessary;
Processed in a manner that ensures appropriate security of the personal data.
The school is responsible for and must be able to demonstrate compliance with these principles.
The Tonbridge Federation (Hugh Christie School & Long Mead Community Primary School) GDPR Policies and Documentation:
On this page, the Tonbridge Federation policies and additional documentation can be accessed, giving details of procedures and compliance with the six main principles of the GDPR.
GDPR policy can be accessed here.
Privacy Notices for External Organisations Linked to the Schools:
To access the privacy notices from external organisations with which the schools share student data, please click here.