GDPR will replace our current Data Protection Act (DPA) and is designed to harmonise data protection legislation across Europe so that we all operate to the same standards. It is also designed to take into account the huge changes in the use of data across the past twenty years since the DPA came into force, such as the launch of Google, Apple iPhones, Facebook etc. along with the increased use of computers, tablets and software in schools.
GDPR introduces a number of changes that will impact schools – not least that of consent. Education has always valued people’s rights and freedoms and has been very good at taking steps to protect personal data, but GDPR introduces new requirements as well as increased penalties for non-compliance.
It is important to note that schools store personal data on more than just the students enrolled there. Teaching staff, assistants, governors, parents, cleaners and more - everyone who is held on the database or on paper records will need to have their data carefully managed to prevent any personal data from being mishandled.