Langley First School is fully committed to full compliance with the requirements of the General Data Protection Regulation (GDPR). The School will therefore follow procedures which aim to ensure that all our staff, Governors, and contractors who have access to any personal data held by or on behalf of the School are fully aware of and abide by their duties under the GDPR. We also adhere to the guidance issued by the Information Commissioner.
We collect and use information about our pupils in order to carry out our functions. This also includes information about current, past and prospective staff, parents and suppliers of services to us. In addition we are required by law to collect and use information in order to comply with statutory requirements. Personal information must be processed appropriately however it is collected, recorded and used and in whatever format it is held.
We regard the handling of personal information as very important to us being able to carry out our day to day business and essential to maintaining confidence. We therefore fully adhere to the Principles of the GDPR.
How we handle personal and sensitive data
We will ensure that appropriate controls and measures are in place to monitor and review data so:
- It is secure and protected
- It is used in efficient and effective ways to improve the education of our pupils
- Only necessary data is collected
- It is only collected for the purpose as described at the time of collection
- Information is accurate
- Information is not kept for longer than is necessary
- Data which is no longer needed is securely destroyed
- Information is not transferred abroad without suitable safeguards
- There is general information for pupils and parents and staff of their rights to access information
- The rights of pupils, parents and staff about whom information is held can be fully exercised under the General Data Protection Regulations.
We will also ensure appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data) are in place.