GDPR

On 25th May 2018, the General Data Protection Regulation (GDPR) came into force in the UK.  This new data protection regulation builds upon the Data Protection Act of 1998.

The GDPR requires public authorities and businesses to identify the lawful basis for storing personal data and audit information that we already hold and take a ‘data protection by design’ approach to personal data.

We take data protection very seriously at Oakleigh School and Early Years Centre.  In line with GDPR requirements, we have appointed a Data Protection Officer, Ian Smith, of Satswana, a specialist data protection company to oversee our approach to data protection.

In order to ensure that we comply with the new regulations, we have reviewed our current policies and practices.  We are updating our privacy notices and data protection policy in line with the new requirements.

GDPR Logo

For the majority of data that we hold on students and parents, the lawful basis for processing is ‘public task’.  As a public body, we have various statutory reporting duties regarding safeguarding, attendance, assessment etc. and are required to share information with the Department for Education, the Local Authority and other agencies. 

For certain other data, we rely on consent that was gathered as your child joined the school (eg. using your child’s image in publicity for the school or on the school website).

The UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

Visit web site

Although the law has changed, the data we hold has not.  Of course, we will continue as always to protect the data we hold on you and your child.

To learn more about the General Data Protection Regulation, please visit the Information Commissioner’s Office website on http://ico.org.uk.

Further Information

Privacy Notice Pupils Oakleigh's GDPR Policy