From the 25th May 2018, the UK’s Data Protection Act 1998 is being replaced by a new law called the GDPR (the EU General Data Protection Regulation 2016). This law governs how we collect, use and share people’s information and provides greater rights to individuals and control over how their information is handled by organisations, including schools. The following link shows a film that explains the requirements and how they affect schools in a straightforward and easy-to-understand way.
GDPR Mind Map for schools visually shows the various tasks and key areas to understand in preparation to comply with the General Data Protection Regulations ...
We’re taking steps to review and update our processes around how we are handling your information in readiness for these changes. We have attached here, our privacy notices explaining how we handle pupil and staff information, what rights you have and how to exercise them and our policies around this.
Under the GDPR, the data protection principles set out the main responsibilities for organisations: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/
Information about your rights under GDPR can be found on the Information Commissioner’s website.
All of the information we hold on individuals follows the six key principles:
- Fair, lawful and transparent
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate, and where necessary, kept up to date
- Kept in a form which permits identification for no longer than is necessary
- Processed in a manner that ensures appropriate security
- and your rights are:
Under the new regulations, you have the:
- Right to be informed - to know what, how, where, and for how long your data is used
- Right to access - be able to see and know what data is being held
- Right to rectification - to fix any errors in the data held
- Right to erasure - to choose to have the data erased
- Right to restrict processing - to stop data being used for certain purposes
- Right to data portability - to move a copy of the data elsewhere
- Right to object - to complain about how your data is used
- Rights related to automated decision making and profiling
Should you have any queries regarding the GDPR and our school, please email Balvinder Singh, School Business Manager at email: firstname.lastname@example.org