The core principles of GDPR build on what schools are already doing to protect the data they hold about pupils, parents, staff and Governors.
If you follow the following steps you are well on the way to meeting the requirements of the law.
When gathering and processing personal information remember:
- tell the person what you are collecting, why you are collecting it, who you will share it with and how long you will keep it
- only use the data for what you said you would use it for, only share it with who you said you would share it with and only keep it as long as it is required
- make sure you have made the person aware of their individual rights in respect to the processing of their data and make sure any 3rd parties you share data with have appropriate policies and processes in place to keep the data secure
- whilst managing personal data ensure hard copy data is held securely in lockable cabinets and ensure digital data is protected through effective use of passwords and encryption
Comentários