GDPR

General Data Protection Regulation

The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.

The General Data Protection Regulation (GDPR) came into effect on the 25th May 2018, covers all the countries in the EU and has been adopted by the UK. It is heavily based on the Data Protection Act 1998 but will lead to us as a school having to refine our approach to data protection, as it brings many enhancements to the rights of individuals with regard to their personal data. There is also an emphasis on accountability, which will inevitably mean that as a school we will have to increase the amount of documentation we use to record procedures and issues. As a school we have been developing our approach to ensuring that we are fully compliant with GDPR, and the aim of this page is to outline our GDPR compliance and share resources to explain the implications of GDPR and what it means for schools.

 

We collect and hold a great deal of personal data – not only about students, but also staff, parents, volunteers, visitors, suppliers and other ‘data subjects’. GDPR requires us not only to minimise any risk of unauthorised access to, and loss of, personal data within the organisation, but also to provide evidence and documentation of our processing activity.
In order to demonstrate our commitment to GDPR compliance we are doing the following:

  •  Documenting our processing activity, including ensuring we have a lawful basis for processing.
  •  Auditing this processing and identifying and creating an action plan to mitigate any risks to personal data.
  •  Documenting the compliance of third-party providers and reviewing contracts to ensure compliance with GDPR.
  •  Ensuring that we have processes and procedures in place to uphold the rights of data subjects.
  •  Reviewing the technical and organisational measures in place to protect data.
  •  Training staff on GDPR and our data handling procedures.

Protecting Data

As a school we have reviewed all of the data that we currently hold and produced a “Data Asset Register” which documents the type of data, the data processor, where the data is stored, the reason that the data is stored and any potential risks that must be considered when developing policies/procedures around data protection. Included in this process has been making contact with any data processors to ensure that they are all GDPR compliant. Below is a list of the data processors used by the school.

  • RM Integris (School Management Information System)
  • CPOMS (Child Protection Online Monitoring System that incidents are stored on)
  • Sonar Tracker (Assessment software)
  • Office Education 365 (Staff email and cloud storage)

 

GDPR is a long-term project and we are committed to developing a privacy programme that becomes a cornerstone of our approach to data in the school. Whilst there will be changes, we are committed to ensuring that there is no negative impact on teaching and learning and the welfare of students and staff.

The Data Protection Officer is Dee Whitmore – 01773 851078 and DPOService@schoolspeople.co.uk

 
