Data Protection & Privacy
The General Data Protection Regulation (GDPR) is EU-wide legislation determining how organisations, including schools, safely process or handle personal data and the legal rights individuals have in relation to their own data.
The GDPR came into force from the 25th of May 2017, strengthening and building on many of the principles of the Data Protection Act (DPA) 1998. Its overall aim is to make sure that sensitive and personal data is kept safe and secure, including by requiring organisations to take appropriate security measures against unauthorised access, alteration, disclosure or destruction of personal data.
In all aspects relating to data privacy, data protection and the GDPR, we adhere to primary guidance issued by the Independent Commissioners Office and also accompanying guidance issued by the London Diocesan Board of Schools (LDBS).
As a voluntary aided school that gathers and uses data (information), we are committed to protecting the privacy and security of your personal information. Under the law outlined by the GDPR, we have reviewed our data handling and other related procedures to include the following:
- Appoint a Data Protection Officer
- Ensure the required policies are in place for the safe management of your personal data and your rights in relation to them
- Ensure a response to data privacy complaints and requests within one calendar month
- Inform you if there have been any data handling breaches that may affect you
- Inform you of how we handle your data
Data Protection Officer
The school is registered as a data controller with the Information Commissioner’s Office and renews this registration annually or as otherwise legally required. As we process personal information relating to pupils, staff, governors, visitors and others, we are defined as being both a data controller and a data processor.
Under the GDPR, we are allowed to delegate this responsibility and as such have appointed a Data Protection Officer who, in conjunction with the services offered by the Data Processor (turnITon), will deal with all requests and enquiries concerning our use of any personal data.
If you have any concerns or questions regarding this matter, you should direct them to Mrs E. Camplin, Data Protection Officer, in the first instance, by emailing firstname.lastname@example.org or making contact via the school office.
Related policies and privacy notices:
The following are some of the policies that come under the scope of the GDPR.
Our Data Protection policy fully outlines our aims with regard to ensuring that all personal data about staff, pupils, parents and visitors is collected, stored and processed in accordance with the Data Protection Act 1998.
Our separate Privacy Notices (also known as fair processing notices) for pupils & parents, staff, governors, trainees and supply, consultants & contractors contain information on what data we hold, what we use it for, who we share it with and how long we keep it.
We also have a Breach Management policy, and staff, volunteers, governors and contractors working at the school are required to sign our ICT User Agreement as well as adhere to our Email Security and Etiquette Guidance.