General Data Protection Regulation (GDPR)
GDPR: Changes to the Data Protection Laws 25th May 2018
What is GDPR?
The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
‘Personal data’ means information that can identify a living individual.
The regulation will apply to all schools from 25 May 2018, and will apply even after the UK leaves the EU.
What are the main principles of GDPR?
GDPR sets out the key principles that all personal data must be processed in line with.
Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed; accurate and kept up to date; held securely; only retained for as long as is necessary for the reasons it was collected
What type of Data does Furzeham Primary hold?
In most cases, Furzeham Primary holds data such as names, addresses, dates of birth and home details along with assessment, tests and a students history as they progress through the years of the school. Most of this data you would have already seen or supplied to us for which we would have gained consent.
In some circumstances, such as ISS Mediclean (school lunch payment system) or online learning resources such as Accelerated Reader and Times Table Rock Stars some data is held and maybe managed by a third party. If a third party manages data on our behalf we refer to their own policies, but we do make sure that they comply with data protection laws before we use them.
Any organisation has to have a lawful basis to hold data on an individual. For example the lawful basis we keep some data would be under a legal obligation to protect and safeguard a child or another in the public Interest for us to be able to perform our role in education.
What is a Privacy Notice?
A privacy notice is a public statement of how an organisation applies data protection principles to processing data. Below you can find links to the school's privacy notices.
What is 'Right of Access'?
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why organisations are using their data, and check that they are doing it lawfully. In order to request data held by an organisation the individual concerned needs to submit a ‘Subject access request’.
How do I submit a subject access request?
To submit a subject access request (SAR) to Furzeham Primary School, we have attached a form that must be completed and returned.
Furzeham Primary School - Subject access request form.
When an SAR is submitted the school has a duty to respond within 1 month of submission. The response would either contain the data requested or an earlier response may ask for further clarification of the data requested.
How do I make a complaint about Data Protection and information?
Complaints regarding an organisation with regards to Data Protection and GDPR should be made to the Information Commissioners Office either via their website https://ico.org.uk/concerns/ or by calling their helpline number 0303 123 1113.
Where can I find out more information about GDPR ?
GDPR is governed by the Information Commissioners Office (ICO) who are responsible for the UK data protection laws. For more information you can refer to their website https://ico.org.uk/for-the-public/ or by calling 0303 123 1113.
Data Protection Officer: Mr. D. Bunce. Brixham College and Academy Trust. 01803 858271