General Data Protection Regulation (GDPR)
What is GDPR?
This refers to the General Data Protection Regulation which superseded the Data Protection Act 1998, on 25 May 2018.
In essence, the legislation is about protecting personal data and how it is used. It gives individuals greater control and say over how their personal data is used. The legislation is designed to ‘harmonise’ data privacy laws across Europe, as well as give greater protection and rights to individuals. The GDPR applies to the public, as well as businesses and bodies that handle personal information.
GDPR defines personal data as:
Any information relating to an identified or identifiable person (known as a Data Subject).
An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an ID number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.
Requesting Access to Personal Data
Under data protection legislation, parents have the right to request access to information held about themselves and their children under the age of 16.
To make a subject access request for yourself or your child(ren)'s personal information please contact the school office.