St Mary and St Joseph’s RC Primary School collects, holds and processes personal data about pupils, staff, parents/carers, governors, visitors and other individuals who have contact with the school. It therefore has a number of legal obligations under the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill.

Within this policy we will set out how we seek to protect personal data and ensure that employees understand the rules governing their use of personal data to which they have access in the course of their employment. This policy applies to all personal data, regardless of whether it is held in paper or electronic format.

The school is a registered data controller with the Information Commissioner and will continue to abide by the new registration arrangements. All members of staff have responsibility for how the school collects, holds and processes personal data. The policy therefore applies to all staff as well as external organisations or individuals processing data on behalf of the school. Staff who do not comply with this policy may face disciplinary action.

This policy also commits that the school will also comply with regulation 5 of the Education (Pupil Information) (England) Regulations 2005, the Protection of Freedoms Act 2012 when referring to use of biometric data and Article 8 of the Human Rights Act 1998.