GDPR AND YOUR RIGHTS
From the 25th May 2018 the new General Data Protection Register, (GDPR) will become law. As an organisation that gathers and uses data (information) we are required to review our data handling and related procedures.
The new law states tht you have 9 rights in relation to the data we hold. These are:
- the right to see the data we keep on record
- the right to request changes where errors exist
- the right to request that something is removed from the record / data
- the right to request that information is not used in any way other than originally intended
- the right to have your data used by somebody else
- the right to object to data being used for marketing or other commercial purposes
- the right for your childrens data to be used for their education only
- the right to complain about how the data has been gathered and used in this school
- the right to compensation if damages have occured as a result of our data handling
YOUR CHILD'S DATA
As a school we require some essential data from parents. This 'data' can be as simple and as routine as your address, a contact phone number or any medical conditions your child may have. Such information is not only legally required by the shool, but also ensures that children and their families are well served by the school for routine matters.
In most cases, this data will be provided by you in a written form but will then be 'processed' and entered onto the school's information management systems (computer system). Be assured that our systems are:
- password protected
- restricted to those with a 'need to know'
- regularly backed up externally
- managed in accordance with the law and local guidance
However, as a school we handle and use a much wider variety of data which may include our CCTV recordings, test data, referrals to social care and much more. We will now let you know how we manage this kind of data. You can find full details of this on our 'Annual Data Statement' also available to download and view on this page of our website.
SHARING YOUR DATA
We will always endeavour to tell you what we are doing with your data. However on occasion we may be required to pass on data to other people / agencies. The circumstances in which we would be likely to do so include:
- where we believe your child to be at risk of harm
- we are legally required to do so
- at the request of police services in relation to a crime
We will always try to notify you when we have passed on data to somebody else. However, it is likely that on occasion time-scales may limit our ability to do so.
DATA PROTECTION OFFICER
We are required to appoint a Data Protection Officer (DPO) to monitor our policies and procedures in relation to data. Our DPO is Mr Justin Byford.
If you have any concerns or questions, you should direct them to the DPO in the first instance, via firstname.lastname@example.org. He will help you with any requests you may have and advise you of your rights. In addition to his advice, this area of the school's website contains a number of documents for guidance as well. These include:
- the school Data Protection Policy
- the school Annual Data Statement
- Data Complaints and Amendments Forms
The school must operate within the law (GDPR). This means that we must:
- have a Data Protection Officer
- Have policies for the management of data (including complaints)
- respond to complaints or requests within one calendar month
- keep parents informed of what we 'do' with any data
- inform you of any breach in our data that affects you
The school will not usually charge for any request by parents. However, it would consider making a charge when requests are considered to be unfounded or excessive.
For further information on GDPR and data protection, please visit the Information Commissioner’s Office website https://ico.org.uk/for-the-public/