What is GDPR?
General Data Protection Regulation
Data protection rules across Europe are about to see their biggest overhaul in 20 years. A lot has changed since the existing data protection laws and regulations were created in the 1990s. As a society, we’re creating vast amounts of digital information each day and the laws that govern our personal info are no longer fit for purpose.
The result is the mutually agreed European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. It will change how businesses, public sector organisations and schools can handle the information of their customers or in schools its parents, students and staff.
What are your rights?
- We are required to ask your consent to use the data that we hold on your child
- You have the right to withdraw that consent
- You have the right to be informed – all schools must be transparent in how they are using personal data
- You have the right to data portability – this allows individuals to retain and reuse their personal data for their own purpose
- You have the right to object – in some circumstances, individuals are entitled to object to their personal data being used
- You have the right to rectification of incorrect or incomplete data and a duty to ensure we are informed if any information changes– giving individuals the right to rectify personal data
- You have the right to erasure – often referred to the right to be forgotten
Perryfields High School
We are very active in our GDPR compliance. We are committed to ensuring we do the right thing for our Pupils and Staff and the third parties we work with. We are focused on ensuring our processes can be evidenced to demonstrate compliance.
Complete GDPR compliance can only be achieved through a collaborative and transparent approach.
We area working on the following:
- Identification of a Data Protection Officer
- Data mapping and Data Asset Register
- Embedding data privacy into all our processes
- Information security risk
- Third party risk and our data partners
- Responding to individual complaints and data subject access requests (DSARs)
- Data Privacy Breach procedures
- Ongoing monitoring
GDPR Roll Out
We have started to roll out new GDPR privacy notices.
We are ensuring that all processing of data done in school complies with GDPR
There are six lawful processing conditions:
- Compliance with a legal obligation
- Performance of a contract
- Legitimate interest
- Public interest
- Vital interest
- Consent – This is now explicit consent & transparent at the point of data collection, informing exactly how data is to be used and who it will be shared with.
DPO – Data Protection Officer.
Working on Behalf of Perryfields High School – www.sipseducaiton.co.uk
Perryfields High – Internal GDPR Team
To contact please email GDPR-Team@perrys.org.uk
In line with new laws on data protection – GDPR, Capita SIMs has granted school’s access to a new convenient way for you to access, review and request changes to the data held on you and your children direct from your phone as well as see key term dates. Please read attached letter.