The General Data Protection Regulation (GDPR) condenses the Data Protection Principles into six areas, which are referred to as the Privacy Principles. They are:

1. The school must have a lawful reason for collecting personal data and must do it in a fair and transparent way.

2. The school must only use the data for the reason it is initially obtained.

3. The school must not collect any more data than is necessary.

4. It has to be accurate and there must be mechanisms in place to keep it up to date.

5. The school cannot keep it any longer than needed.

6. The school must protect the personal data.

These privacy principles are supported by a further principle – accountability.

This means that your setting must not only do the right thing with data but must also show that all the correct measures are in place to demonstrate how compliance is achieved.

There is also an expectation that staff will be trained on data protection. Documentation on policies, procedures and training is going to be a key part of any effective compliance programme.

We already highly value and protect all of our student, parents and staff data and will update or practices and procedures to keep up-to-date with current data protection regulations.

For further information about GDPR please visit the ICO website.

https://ico.org.uk/

We have appointed a Data Protection Officer (DPO) to oversee the way the school handles data and ensure that requests for data are dealt with in accordance with GDPR.

Any subject access requests (SAR), Freedom of Information requests (FOI) and queries you have about the way in which your data is handled please contact our DPO.

Mr Richard Maskrey

dpo@morgans.herts.sch.uk