In This Section


GDPR: What does this mean for Peartree Spring?



The law relating to data protection is going to change on 25 May 2018 and so Peartree Spring is preparing now to ensure that they are compliant with the new legislation.  This overview provides a brief introduction to the key changes parents need to be aware of. 


Under the new GDPR regulations, Peartree Spring is committed to ensure that we comply with the requirements of the new legislation.


What is the change to the law?

At the moment, the Data Protection Act 1998 (“DPA 1998”) applies to the way in which schools and trusts handle personal data.  Schools and trusts will be familiar with the general requirements of the DPA 1998, for example, the circumstances when they can disclose personal data and what to do if a person submits a subject access request.


From May 2018, the DPA 1998 will be replaced by the General Data Protection Regulation which is often referred to as the “GDPR”.  Although many of the principles will remain the same as the DPA 1998, there will be some changes that will affect schools.


Why is the law being changed?

Since the DPA 1998 became law, there have been a lot of changes to information technology and the way in which individuals and organisations share information. 


Why do schools need to respond to this?

Schools and trusts have to comply with the DPA 1998 at the moment and the GDPR will also apply to the education sector when it comes into force.


Schools process a lot of personal data relating to pupils and staff in order to carry out their functions.  They also acquire personal data relating to other people including, for example, parents / carers, governors, trustees, members of the local community, suppliers, contractors and consultants. Peartree Spring will ensure that we handle personal data correctly and securely.


What are the key changes that will affect Peartree Spring?

In general terms, the GDPR places more emphasis on transparency, accountability and record keeping.  Therefore, Peartree Spring has reviewed our current procedures to ensure that we meet the higher standards set out in the GDPR.


Peartree Spring is committed to you complying with the GDPR principles, by implementing “…comprehensive but proportionate governance measures” to meet this accountability requirement.  Peartree Spring has implemented technical and organisational measures to show that we have integrated data protection into our processing activities.

Peartree Spring already has a privacy notices in place as a matter of good practice. However, the privacy notices will become an even more important tool to demonstrate transparency and it now contains more information to let parents know how we will use this personal data. 

As well as the privacy notices, schools and trusts should identify timely and appropriate opportunities to ensure they are being transparent with people about what they are doing with personal data.  For example, if we are collecting personal data on a form, we will tell people, in simple terms, what we will be doing with the personal data.

Please note: Given that some of the guidance on the GDPR is still being drafted, there may be some further information and detail which is published by the ICO in the coming months which could have implications for schools and the steps we need to take to comply with the law.