GDPR Statement (May 2018) for Parents/Carers and Pupils/Students
We take your privacy very seriously and work to the highest standard to keep your data safe. We welcome the introduction of the General Data Protection Regulation (GDPR), which comes into force on the 25th May 2018, as it provides all of our stakeholders with an opportunity to reflect upon the measures that we have in place to protect data.
We are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR). Ongoing compliance is embedded in all processes and policies throughout the academy.
Who is responsible for Personal Data?
Under the GDPR, we are recognised as a Data Controller, Data Processor, or both. The requirements differ depending on our role in the data collection and handling process.
As a Data Controller, under the new GDPR, we define how and why personal data is collected, stored, and used. We also utilise data processors – third parties that process the data we control on your behalf.
We will achieve compliance by ensuring personal data is processed lawfully, transparently, and for a specific purpose. Once the purpose is fulfilled and the data is no longer required, it will be deleted, as stipulated within our Data Retention Policy.
We currently comply with existing legislation, the Data Protection Act 1998, and are very experienced at working within such regulations. It will, however, be necessary to make some changes to policies and procedures in readiness for 25th May 2018.
How we are preparing for GDPR
We are registered with the Information Commissioner's Office as a Data Processor.
We utilise a wide range of security measures in line with the recommendations provided by the ICO (Information Commissioner's Office).
We implement additional security measures including advanced firewalls, enhanced virus protection on all servers, regular data backup, username/password/PIN to control access, automatic suspicious activity detection and logging etc.
We provide bespoke data protection training to all teaching and support staff.
We carry out due diligence with all third-party data processors.
We will continue to share the specific details of personal data collected in our Privacy notices, bespoke to staff, parents and pupils. The revised notices are publicly available on our website.
We have completed a comprehensive data mapping audit of the data that we process and store. We have also reviewed our data breach incident response procedure.
If you would like to read more about GDPR, the following video on YouTube provides an excellent visual story of a school’s GDPR journey.