Privacy Notice

Wood Lanes Privacy Notice for Parents:  Privacy Notice 2024.pdf

GDPR Data Protection Policy-pdf

WHAT DOES GDPR MEAN FOR SCHOOLS?

 

A great deal of the processing of personal data undertaken by schools will fall under a specific legal basis, ‘in the public interest’. As it is in the public interest to operate schools successfully, it will mean that specific consent will not be needed in most cases in schools.

GDPR will ensure data is protected and will give individuals more control over their data, however this means schools will have greater accountability for the data:

Under GDPR, consent must be explicitly given where no other lawful basis can be relied upon. 

Schools must appoint a Data Protection Officer (DPO) and be able to demonstrate compliance with UK GDPR Article 5 Principles as the Data Controller. 

Schools must ensure that their third party suppliers (Data Processors) who may process any of their personal data are GDPR compliant and where necessary have legally binding contracts in place. These contracts must cover what data is being processed, who it is being processed by, who has access to it, where it is stored and how it is protected.

It will be compulsory that any data breach which is likely to result in a risk to the rights and freedoms of individuals is reported to the ICO within 72 hours.