GDPR 2018

The General Data Protection Regulation 2018 controls how your personal and sensitive information is used by organisations, businesses and the government. It applies to all countries covered by EU law.

Everyone responsible for processing data (ie anything done to or with the data including collecting, storing or deleting it) has to follow strict guidelines called data protection principles. They must make sure the information is

  • Used fairly, lawfully and in a transparent way
  • Used for specific, explicit and legitimate purposes
  • Used in a way that is adequate, relevant and limited to what is necessary
  • Accurate
  • Kept for no longer than is absolutely necessary
  • Handled according to people’s data protection rights
  • Handled in a safe and secure way
  • Not transferred outside the European Economic Area without adequate protection

The Freedom of Information Act 2000

The Freedom of Information Act 2000 provides public access to information held by public authorities.

It does this in two ways:

  • Public authorities are obliged to publish certain information about their activities, and
  • Members of the public are entitled to request information from public authorities.

The Act covers any recorded information that is held by a public authority in England, Wales and Northern Ireland, and by UK-wide public authorities based in Scotland. Information held by Scottish public authorities is covered by Scotland’s own Freedom of Information (Scotland) Act 2002.

Public authorities include government departments, local authorities, the NHS, state schools and police forces. However, the Act does not necessarily cover every organisation that receives public money. For example, it does not cover some charities that receive grants and certain private sector organisations that perform public functions.

Recorded information includes printed documents, computer files, letters, emails, photographs, and sound or video recordings.

The Act does not give people access to their own personal data (information about themselves) such as their health records or credit reference file. If a member of the public wants to see information that a public authority holds about them, they should make a subject access request under the Data Protection Act 2018.

Privacy Notice – Data Protection Regulation 2018

How we use pupil information

Privacy Notice