Brexit – Guidance on data protection implications for the Trust and your Academy;

 

If the UK leaves the EU without a deal, most of the data protection rules affecting the Trust and its Academies will stay the same.

According to the Information Commissioners’ Office, the UK is committed to maintaining the high standards of the GDPR (General Data Protection Regulation) and the government plans to incorporate it into UK law after Brexit.

As the Trust and its Academies already comply with the GDPR, there will not be much more to prepare for data protection compliance after Brexit.

Sharing data outside the UK

Some points to consider:

• Do you share any Personal Data (staff, pupil or parents) with anyone outside of the UK?
• Do you receive any Personal Data from anyone outside of the UK?

If you do not share data with anyone outside of the UK, there is no further action required – you should continue to comply with GDPR.

If you do share data with anyone outside of the UK, then a standard contractual clause will be the best way to keep data flowing.   Please contact Michelle Boniface, Data Protection Officer – DPO@kcsp.org.uk who can advise on the action is required, if any.

 

Trips outside the UK

Academies should not be sharing Personal Pupil Data with anyone outside of the Academy when on school trips, unless specific consent has been granted by the Parent/Carer/Guardian.

Post-Brexit the guidance from the Trust will not change, however travel advice should be monitored by the Academy.

Any agreement in place with a third party operator in relation to the trip, should ensure that no Personal Pupil Data is required to be shared.  Teachers travelling on the Trip, should retain copies of Personal Pupil Data, Emergency Contact Details and Medical information. 

If you are unsure, please contact Michelle Boniface, Data Protection Officer, DPO@kcsp.org.uk.