What is GDPR?
General Data Protection Regulations, or GDPR, is a system that has been designed to protect the personal data and privacy rights of all citizens within the European Union. The new regulations will bring the UK into line with the current rules governing countries including Germany, Canada and Australia. The GDPR will replace the Data Protection Act 1998 on 25th May 2018.
The GDPR places greater emphasis on the documentation that data controllers (‘The School’) must keep to demonstrate their accountability.
What does GDPR actually do?
GDPR does a few things:
- It defines what is meant by ‘personal data’
- It confers rights on ‘data subjects’
- It places obligations on ‘data controllers’ and ‘data processors’
- It creates principles relating to the processing of personal data
- It provides penalties for failure to comply with the above
What is personal data?
The definition of personal data under GDPR is given as being:
‘ Any information relating to an identified or identifiable person (data subject); an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.
Who are Data Controllers and Data Processors?
The Data controller is the person or organisation which determines purposes and means of the processing of personal data.
The data processor is the person or organisation which processes the personal data on behalf of the controller.
What rights do Data Subjects have?
Data subjects – the living individuals that the personal data being processed relates to have the following rights under GDPR:
- The right to be informed what data you are using, why and for what purpose
- The right of access – you can see what data we are processing if you request
- The right of rectification – if your data is wrong, we have to correct it
- The right to erasure
- The right to restrict processing – you can ask us to stop using your data unless we have legitimate legal basis to continuing to do so
- The right to object – you can object to us using your data unless we have an overriding legitimate reason to continue
Individuals have an increased right of access to their data and it’s use
All individuals will have a right to obtain confirmation that the data controller is processing their personal data. They will be able to request access to all their personal data that you are processing including what data you are processing, why you are processing it, who it is being shared with and how it will be retained.
Information we hold about you and your child
We have procedures in place for the recording and sharing of information [data] about you and your child that is compliant with the principles of the General Data Protection Regulations (2018) as follows:
The data, we collect is
- Processed fairly, lawfully and in a transparent manner in relation to the data subject you and your family
- Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes.
- Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed.
- Accurate and, where necessary, kept up to date.
- Kept in a form that permits identification of data subjects you and your family for no longer than is necessary for the purposes for which the personal data is processed.
- Processed in a way that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
When you register your child with us, our privacy notice gives you further details of how we fulfil our obligations with regard to your data.
Strictly Necessary Cookies
These cookies are necessary for the website to function and cannot be switched off in our systems. They are usually only set in response to actions made by you which amount to a request for services, such as setting your privacy preferences, logging in or filling in forms.
You can set your browser to block or alert you about these cookies, but some parts of the site will not then work. These cookies do not store any personally identifiable information.
These cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites.
They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.