On 25th May 2018 the General Data Protection Regulation (GDPR) came into force. This replaced the Data Protection Act 1998 and is intended to improve the safety and security of personal data held by organisations, and make sure that people understand what information is held about them and why.
Please click here for a parent-friendly explanation of the changes and regulations.
We have always taken great care of the personal information we hold about pupils and parents, but the new law means that we are taking some further steps.
- Firstly, you should be aware that you have a number of rights under the GDPR. You have the right to:
- Be informed about how we use your personal data.
- Request access to the personal data that we hold.
- Request that your personal data is amended if it is inaccurate or incomplete.
- Ask us to erase your personal data if there is no compelling reason for its continued processing.
- Request that the processing of your data is restricted.
- Object to your personal data being processed.
- At the link below, you will find our privacy notice for pupils and parents, which explains in detail what personal data we hold, why we hold it and who we share it with.
The Privacy Notice provides details of our Data Protection Officer (DPO), who provides us with advice on compliance with GDPR and our data protection obligations, and can be contacted at firstname.lastname@example.org if you wish to make a request or complaint about your personal data. The privacy notice also explains about your rights to complain to the Information Commissioner’s Office.
- In line with the new requirements, we have revised our policies covering Data Protection and Information Security and this is available below:
- If personal data is likely to be significantly involved or affected when we develop new systems or introduce new technology, we will carry out a data protection impact assessment (DPIA) to ensure that privacy issues are addressed.
- If you would like any more information about GDPR, you can visit the Information Commissioner’s website and in particular the Guide to the General Data Protection Regulation webpage.