The General Data Protection Regulation (GDPR) came into effect on 25 May 2018.    GDPR is an EU Regulation regarding the collection, storage and processing of personal data. All organisations within EU member states will have to comply with GDPR.

Whilst Heckington St Andrew’s School has always handled data in line with the 8 principles of the Data Protection Act 1998, it has taken some steps to comply with GDPR. Following guidance from the Information Commissioner’s Office (ICO) we have:

  • Appointed a Data Protection Officer (DPO). Contact details

  • Carried out an audit of all personal data held about staff, students, parents/carers and community users.

  • Written a new GDPR Policy which has been adopted by the full Governing Body:

           Data Protection Policy

  • Updated our Privacy Notices:

             Privacy Notice for Children

             Privacy Notice for Parents

Consent is one of the lawful bases for processing information. Consent must be freely given, specific and informed, and unambiguous and there must be evidence to show that consent has been given and is current. For this reason, we will be asking parents to renew consent on an annual basis for using their child’s name, voice, image or likeness in various media based productions, such as photographs in this Newsletter, stories in the local Press, photographs in the school Prospectus etc.