The General Data Protection Regulation (GDPR) will come into force from 25 May 2018, replacing the existing Data Protection Act. Although the GDPR is not a complete overhaul of the existing legislation, there are key changes designed to reflect how personal data is collated and processed.

To help Haringey schools work towards compliance, Schools HR has produced model documentation, including a GDPR policy and relevant privacy notices.  Copies of these are available from your Haringey School’s ER advisor and have been added to the Haringey Schools HR portal.   

With the deadline approaching, the key tasks to complete are to:

• appoint a data protection officer;
• ensure your governing body has adopted relevant privacy notices and a GDPR policy;
• review your third party data processor's contracts;
• review your subject access procedures (Haringey Schools HR has created a model process to guide schools, which will be circulated for use.)

DofE Data Protection Toolkit for Schools

The Department for Education (DfE)  has released a data protection toolkit for schools (external link). This is particularly useful when devising a data retention strategy.  The new toolkit has been developed to support and guide schools in their efforts to prepare for GDPR. The toolkit provides guidance to both senior leaders and those governing. The guidance particularly focuses on providing assistance with developing adequate data protection policies and procedures, as well as processes for managing information and other data related activities.