1. Data access request procedures will be handled within the timescales set out in the GDPR and we provide any additional information in line with the GDPR guidance.
2. The processing of personal data will be carried out on a lawful basis as required by the GDPR.
3. Where the school needs to seek consent, it will do so in a manner that meets GDPR standards.
4. Any records of consent and the management of the process for seeking consent will also meet the GDPR standard.
5. Where there is a personal data breach the procedures used to detect, report and investigate it will meet the requirements of the GDPR.
6. The systems the school puts into place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity will meet the standard set in the GDPR.
7. Data protection by design and data protection impact assessments will meet with the ICO’s code of practice on privacy impact assessments as well as with the latest guidance.
8. The school will have a Data Protection Officer who will be given responsibility for data protection compliance.
9. When the school requests data we will provide appropriate privacy notices to explain why data is being collected and under which legal basis, and the purposes for which it is used.