On 25 May 2018 the General Data Protection Regulations (GDPR) came into force.

The GDPR is based on data protection principles that our school must comply with.

The principles say that personal data must be:

• Processed lawfully, fairly and in a transparent manner
• Collected for specified, explicit and legitimate purposes
• Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed
• Accurate and, where necessary, kept up to date
• Kept for no longer than is necessary for the purposes for which it is processed
• Processed in a way that ensures it is appropriately secure

We will only process personal data where we have one of 6 ‘lawful bases’ (legal reasons) to do so under data protection law:

• The data needs to be processed so that the school can fulfil a contract with the individual, or the individual has asked the school to take specific steps before entering into a contract

• The data needs to be processed so that the school can comply with a legal obligation
• The data needs to be processed to ensure the vital interests of the individual e.g. to protect someone’s life
• The data needs to be processed so that the school, as a public authority, can perform a task in the public interest, and carry out its official functions
• The data needs to be processed for the legitimate interests of the school or a third party (provided the individual’s rights and freedoms are not overridden)

• The individual (or their parent/carer when appropriate in the case of a pupil) has freely given clear consent

Please direct any queries to our Data Protection Officer:

Alison Carder contact on: admin@honiton-pri.devon.sch.uk