The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will
determine how people’s personal data is processed and kept safe, and the legal rights individuals
have in relation to their own data.

‘Personal data’ means information that can identify a living individual.

Main principles

The GDPR sets out the key principles that all personal data must be processed in line with. ·        

Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and
legitimate purposes; limited to what is necessary for the purposes for which it is processed;
accurate and kept up to date; held securely; only retained for as long as is necessary for the
reasons it was collected.

There are also stronger rights for individuals regarding their own data.

The individual’s rights include: to be informed about how their data is used, to have access
to their data, to rectify incorrect information, to have their data erased, to restrict how their data
is used, to move their data from one organisation to another, and to object to their data being
used at all.
Woburn Lower School Data Protection Policy
Woburn Lower School Privacy Notice for Workforce
Woburn Lower School Privacy Notice for School Governors and Volunteers
Woburn Lower School Privacy Notice