General Data Protection Regulations
GDPR Statement – A commitment to Compliance
May 2018
The GDPR, which will come into force on 25th May 2018 as the Data Protection Act 2018, is a step change in data protection and privacy law in the UK. The GDPR aim to strengthen the protection of personal data in light of significant technological changes since the original Data Protection directive in 1995.
It is in place to give data subjects control of their data and gives organisations processing that data (including schools) more responsibilities in relation to how they collect, process, store, share and destroy data. It’s not just about information technology, but all data we hold as an organisation.
As a school, we collect and hold a great deal of personal data - not only about students, but also staff, parents, volunteers, visitors, suppliers and other ‘data subjects’. GDPR requires us to not only minimise any risks to the unauthorised access and loss of personal data within the organisation, but also to provide evidence and documentation of our processing activity.
Our school already takes great care of the information given to us so we are already well on the way. We have robust and secure systems for both our electronic and paper records.
We are working on ensuring our on-going compliance across the six data protection principles to ensure data within school is:
- Processed fairly, lawfully and in a transparent manner.
- Used for specific, explicit and legitimate purposes.
- Used in a way that is adequate, relevant and limited.
- Accurate and kept up to date.
- Kept no longer than is necessary.
- Processed in a manner that ensures appropriate security of the personal data.
In order to demonstrate our commitment to GDPR compliance we are doing the following:
- Documenting our processing activity, including ensuring we have a lawful basis for processing.
- Auditing this processing and identifying and creating an action plan to mitigate any risks to personal data.
- Documenting the compliance of third-party providers and reviewing contracts to ensure compliance with GDPR .
- Ensuring that we have processes and procedures in place to ensure the rights of data subjects.
- Reviewing the technical and organisational measures in place to protect data.
- Training staff and Governors on GDPR and our data handling procedures.
We have also appointed an external organisation, Thomas Ng at West Berkshire Council as our Data Protection Officer.
We are changing a few of our systems in order to become fully compliant and give you the access that you are entitled to under the new legislation. We ask you to bear with us and thank you for your continued support for the school during these changes.
If you have any questions, concerns or would like more information, please contact the school office Email: office@sun.w-berks.sch.uk Telephone: 0118 9832223