General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) is a new set of EU guidelines governing how organisations handle personal data. Schools handle large amounts of personal data, such as information on pupils, staff, governors, volunteers and job applicants. Schools also handle what the GDPR refers to as special category data, which is subject to tighter controls. This could be details on race, ethnic origin, biometric data or trade union membership.
Data is already governed by existing DPA regulations, which ensure personal data is handled lawfully. The new GDPR goes further and requires organisations to document how and why they process all personal data, and gives enhanced rights to the individual.