On the 25 May 2018, the UK’s Data Protection Act 1998 has been replaced by a new law called the GDPR (the EU General Data Protection Regulation 2016). This law governs how we collect, use and share people’s information and provides greater rights to individuals and control over how their information is handled by organisations, including schools.
We have taken steps to review and update our processes around how we are handling your information as detailed below:
1) We have carried out an information audit to detail all the information we hold both electronically and paper based. We have established where the data came from and who it is shared with.
2) We have established the lawful basis for processing personal data. If we do not have a lawful basis then consent has been requested.
3) We have a SAR form to complete if data subjects would like to know the information we hold.
4) We have appointed a Data Protection Officer. Our Data Protection Officer is Paula Harris.
5) We have a data breech reporting procedure in place.
6) All staff have attended training on the new regulations. All staff and governors are required to complete an on-line training module on the new regulations.
7) All our suppliers have been contacted to confirm that they are GDPR compliant.
8) We have reviewed and revised our Data Protection Policy and Privacy Notices. To read them please click on the relevant link below.
If you would like to know more about the GDPR and your rights, please visit the UK’s data protection regulator, the Information Commissioner’s Office at www.ico.org.uk
Should you have any queries regarding the GDPR and our school, or would like to submit a subject access request, please email us at firstname.lastname@example.org