The General Data Protection Regulation (GDPR) is EU-wide legislation that will apply to all organisations, including schools, from 25th May 2018. The GDPR determines how people’s personal data is processed and stored. Also, the GDPR sets out the legitimate purposes for using people’s personal data. The term ‘personal data’ refers to any information that can identify a person.
We ask for parents’ consent to use children’s personal data in certain ways. For example, we seek explicit consent from parents to publish photographs of children.
At St Mary’s C of E Primary School, policies and procedures are designed with privacy at their core. As the school is part of the St Edmundsbury and Ipswich Diocesan Multi Academy Trust (MAT), we are subject to the MAT’s Data Protection Policy, which can be found at the bottom of this page.
The GDPR requires us to update our Privacy Notices, which inform you about how we use personal data. The school’s Privacy Notices can be viewed by selecting the one you wish to view. Click on the Employee Privacy Notice, Job Applicant Privacy Notice or the Parent Privacy Notice at the bottom of this page.
Under the GDPR, schools must appoint a Data Protection Officer, who will advise on compliance and liaise with the Information Commissioner’s Office if necessary. If there is a serious data breach, the Data Protection Officer must notify the individuals affected and the Information Commissioner’s Office. Contact details for the school’s Data Protection Officer are below:
Data Protection Officer: Sarah Ingram, Schools' Choice
Landline: 01473 260700
If parents require any further information about data protection or the GDPR, please contact the Headteacher, Mr A. Frolish, via the school office.