Schools handle a large amount of personal data. This includes information on pupils, such as grades, medical information, images and much more. Schools will also hold data on staff, governors, volunteers and job applicants.
Schools will also handle what the GDPR refers to as special category data, which is subject to tighter controls. This could be details on race, ethnic origin, biometric data or trade union membership.
What is personal data?
This data is already governed by existing DPA regulations, which ensure personal data is handled lawfully. However, the new GDPR has gone further and requires organisations to document how and why they process all personal data, and gives enhanced rights to the individual.
“What the GDPR has done is taken the previous regime, built upon it and modernised it for the current technological and societal environment,” says Claire Williams, an information and cyber law specialist from law firm Mills & Reeve.
“In terms of schools, and the education sector in general, there’s going to be much more of a focus on data protection and it’s going to have to be much more at the forefront of peoples’ minds, particularly the senior leadership when they’re deciding on policies and bringing in new technology.”
In the May Half Term letter from the Principal, we explained what action Thorp Academy and Northern Education Trust will be taking in order to meet the requirements of GDPR. The privacy notice for students has been updated and can be accessed via our policies page and here.
Over week commencing 11/06/2018 parents will receive a letter from Thorp Academy requesting renewed permission to use biometics and well as photographs.