Put simply, the GDPR (General Data Protection Regulation) is the new data regulation that’s designed to ensure the safety and security of all data held within an organisation.

New data protection regulations came in to force on 25th May 2018. It replaced the previous Data Protection Act, making changes to data protection rules and regulations that organisations such as educational establishments previously adhered to. The legislation was designed to “harmonise” data privacy laws across Europe as well as give greater protection and rights to individuals. GDPR affects everyone, and every organisation, in some way.

As a school, we are classed as “data controllers” and as such we need to state how and why personal data is processed and ensure we abide by data protection laws.

We must ensure personal data is processed lawfully, transparently, and for a specific purpose. Explanations as to the information we hold, why we collect this information, where it is held, who we share it with and how a parent can request access to this data can be found in our Privacy Notice.

We have outlined Parents Nine Rights in relation to our school’s management of their child’s data which can be accessed here:

The data protection officer (DPO) is responsible for overseeing and monitoring our compliance with the new GDPR and supporting the development of related policies and guidelines.

The DPO is the first point of contact for individuals whose data the school processes, and for the ICO.

Our DPO (Karen White) can be contacted via the school office or via: kwhite@coppice.worcs.sch.uk Please click here to view our school’s GDPR Policy: