What is GDPR?
What is GDPR?
GDPR is the new EU legislation and stands for General Data Protection Regulation. It came into force on 25 May 2018 and replaces all data protection legislation in EU member states (including the UK’s Data Protection Act 1998 (DPA)). The GDPR will not be affected by the UK’s decision to leave the EU.
GDPR applies to all organisations processing personal data, including schools and academies. The legislation will determine how data is processed and kept safe, and the legal rights individuals have in relation to their own data.
The GDPR sets out the key principles that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with this purpose;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- Accurate, and where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures.
The GDPR also provides the following rights for individuals:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling.
The GDPR requires all compliant organisations to appoint a Data Protection Officer (DPO). The DPO is responsible for overseeing data protection within the school.
The Data Protection delegate for Mosborough Primary School is: Mrs Joanna Howe
The Data Protection Governor for Mosborough Primary School is: Mr Richard Dale
Data Protection Officer: Judicium Consulting Limited
72 Cannon Street
Tel No: 020 3326 9174
For further information about GDPR please visit the ICO website.
INFORMATION SECURITY POLICY
DATA BREACH POLICY
DATA PROTECTION POLICY (including Subject Access Request appendix)
FREEDOM OF INFORMATION POLICY AND PUBLICATION SCHEME
DATA RETENTION POLICY
PRIVACY NOTICE FOR PUPILS AND PARENTS
PRIVACY NOTICE FOR VISITORS AND CONTRACTORS
PRIVACY NOTICE FOR JOB APPLICANTS
PRIVACY NOTICE FOR VOLUNTEERS AND GOVERNORS
DFE PRIVACY NOTICE FOR ATTENDANCE DATA COLLECTION