The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data. It will apply from 25 May 2018 to organisations that process or handle personal data, including schools.
It’s similar to the Data Protection Act (DPA) 1998 in many ways. Most of the differences involve the GDPR strengthening the principles of the DPA. The full General Data Protection Regulation has been published by the Council of the EU and the UK will be implementing the GDPR despite its intention to leave the EU.
The GDPR brings in stricter rules around consent. Consent for processing someone’s personal data must be freely given, specific, informed and unambiguous, and a positive affirmation of the individual’s agreement. Therefore, there are a number of situations in which we need to gain written consent from parents.