GDPR Statement (May 2018) for Parents/ Carers and Pupils
We take your privacy very seriously and work to the highest standard to keep your data safe. We welcome the introduction of the General Dara Protection Regulation (GDPR), which came into force on the 25th May 2018, as it provides all of our stakeholders with an opportunity to reflect upon the measures that we have in place to protect data.
We are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the GDPR. Ongoing compliance is embedded in all processes and policies throughout the school.
Who is responsible for Personal Data?
Under the GDPR, we are recognised as a Data Controller, Data Processor or both. The requirements differ depending on our role in the data collection and handling process.
As a Data Controller, under the new GDPR, we define how and why personal data is collected, stored and used. We also use data processors- third parties that process the data we control on your behalf.
We will achieve compliance by ensuring personal data is processed lawfully, transparently and for a specific purpose. One the purpose is fulfilled and the data is no longer required, it will be deleted, as stipulated within our Data Retention Policy.
We currently, comply with existing legislation, the Data Protection Act 1998 and we are very experienced at working with such regulations. It will however, be necessary to make some changes to policies and procedures in light of GDPR.
How are we ensuring we meet GDPR?
- We are registered with the Information Commissioner’s Office as Data Processor
- We utilise a wide range of security measures in line with the recommendations provided by ICO (Information Commissioner’s Office)
- We implement additional security measures including advanced firewalls, enhanced virus protection on all servers, regular data backup, username/ password/ PIN to control access, automatic suspicious activity detection
- We provide data protection training to all teaching and support staff
- We carry out due- diligence with all third party data processors
- We will continue to share the specific details of personal data collected in our Privacy Notices, bespoke to staff, parents and pupils.
- We are completing a comprehensive data mapping audit of the data that we process and store and we are reviewing all our procedures and policies linked to Data Protection.
Our Pupil Privacy Notice can be found here: Pupil Privacy Notice