General Data Protection Regulation (GDPR)
The Data Protection Act 1998 has been added to by the Data Protection Act 2018 reflecting new European legislation called the General Data Protection Regulation (GDPR). The new law will extend the rights of individuals and require organisations holding personal data to comply with a new stricter set of rules.
The new regulations were introduced on 25th May 2018.
Changes will include the following new rights for Data Subjects
The new rights are:
the right to be forgotten – in some cases an individual can ask for their personal data to be deleted
changes to consent required from individuals
where consent for the use of personal data is required it must in future be explicit, non-ambiguous and given freely
can be withdrawn
Mandatory Breach Notification
In certain circumstances Schools will have to tell the Information Commissioner Office about unauthorised disclosures of personal data as soon as they are discovered. If the disclosure has serious implications for any individuals, they will have to be informed as well.
Privacy by Design
Schools will design data protection into development of business processes, new systems and undertake Privacy Impact Assessments (PIAs).
Read more about these by clicking on the link to the right called “Privacy Impact Assessments”.
Data Protection Officers
A designated post of data protection officer will be strategically responsible for GDPR.
Data Protection Officer is: Brian Fischer, Assistant Headteacher.
GDPR Programme Manager is: Louise Crowder, Director of Business & Resources
Our GDPR Team is:
Mark Dickens - ICT Manager
Anita Jones - Business & Finance Manager
Angela Stephenson - Information Manager
Bev Wright - HR Manager
More information is available in the GDPR guidance attached to this page.