The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy for all individuals within the European Union.
The GDPR aims primarily to give control back to all EU citizens of their personal data and it is intended to strengthen and unify data protection for all individuals within the European Union.
When the GDPR takes effect, it will replace the 1995 Data Protection Directive. It becomes enforceable from 25 May 2018.
The GDPR applies to all organisations including schools.
It is focused on looking after the privacy and rights of the individual, and is based on the premise that consumers and data subjects should have knowledge of what data is held about them and how it is used.
All schools must have a designated Data Protection Officer DPO. The DPO for Two Bridges School is GDPRis.
Two bridges School policies and additional documentation can be accessed, giving details of procedures and compliance with the six main principles of the GDPR. The documents available are:
Below are the privacy notices from external organisations with which the schools share student data.