GDPR (General Data Protection Regulation)
As a school we are aware of our responsibilities under the new GDPR that came into force on the 25th May 2018. We are working with our strategic partner ‘Turn It On’ to ensure that we are compliant.
Six Principles Of Data Protection
There were 8 principles under the DPA and now there are 6. Essentially the same but condensed. Article 5 of the GDPR states that personal data must be:
1) Processed fairly, lawfully and in a transparent manner in relation to the data subject.
2) Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes.
3) Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed.
4) Accurate and, where necessary, kept up to date.
5) Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
6) Processed in a way that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Individuals have the following rights:
1) be informed of data processing (which is covered by the School’s Privacy Notice)
2) access information (also known as a Subject Access Request)
3) have inaccuracies corrected
4) have information erased
5) restrict processing
6) data portability (this is unlikely to ever be relevant to schools)
7) intervention in respect of automated decision making(automated decision making is rarely operated within schools)
8) Withdraw consent
9) Complain to the Information Commissioner’s Office
For further information please contact the designated GDPR lead: James Vernon on firstname.lastname@example.org