All schools in Northamptonshire are individually responsible for ensuring that they comply with the requirements of both the Data Protection Act (DPA) 1998 and the Freedom of Information Act (FOIA) 2000.
If you are unclear about your obligations under either legislation or would like more specific support with a particular Information Governance issue or request, please contact the Information Commissioner’s Office (ICO) on 0303 123 1113.
Northamptonshire County Council is not legally obliged to provide support to schools or academies to assist them with enquiries under information disclosure legislation. However, to assist schools the council has compiled the following table:
Data Protection Act 1998
Freedom of Information Act 2000
General Data Protection Regulation (GDPR)
The current DPA is to be replaced by new legislation known as the General Data Protection Regulation – or GDPR – on 25 May 2018.
With this new legislation comes additional responsibilities around how we handle and process data, and it will introduce significant increases in fining levels (up to 20 million euros) for any serious breach of the new regulations.
While Brexit will have some impact in terms of application of the regulations over time, the UK will still be bound by GDPR in order to do business with Europe and to keep up with changing laws and attitudes to privacy around the globe.
Overview of the GDPR
This overview issued by the ICO highlights the key themes of the GDPR to help organisations understand the new legal framework in the EU - Overview of the General Data Protection Regulation (GDPR).
GDPR: 12 steps to take now
The ICO has issued guidance to organisations to help them prepare for the GDPR - Preparing for the General Data Protection Regulation (GDPR).
Getting ready for the GDPR
Designed to help you get your house in order, this checklist helps you get ready for the new legislation. It includes getting to grips with the new rights of individuals, handling subject access requests, consent, data breaches, and designating a data protection officer, under the upcoming GDPR.