In light of the changes to Data Protection with the introduction of the GDPR (General Data Protection Regulation) on the 25th May 2018, we have made some changes to the way we collect, use and share your data.
The GDPR is an updated set of rules designed to harmonise data privacy laws across Europe and gives greater protection and rights to individuals.
The GDPR implements 6 principals:
We have recently updated our Privacy notice which can be found on our website which details the information which we collect, the purpose for which we collect it, any 3rd parties who this may be shared with and how long we will retain it.
Under the GDPR, there is an enhancement of individuals rights:
It is important to note, where organisations have a legitimate purpose for the collection, use, sharing and storage of data these will therefore overrule individual’s rights and processing can continue.
Subject access requests (SAR)
If you wish to contact the School to obtain information that we hold, please complete the form available on the website or retrieve a paper copy in house. Proof of ID will need to be provided in order for the request to be completed and a response will be issued within one month from the date the request is received.
Data Protection Officer (DPO)
The data protection officer (DPO) is responsible for overseeing the implementation of this policy, monitoring our compliance with data protection law, and developing related policies and guidelines where applicable.
They will provide an annual report of their activities directly to the governing body and, where relevant, report their advice and recommendations on school data protection issues.
The DPO is also the first point of contact for individuals whose data the school processes, and for the ICO.
Full details of the DPO’s responsibilities are set out in their job description. Our DPO is Mr. Joe Lee and is contactable via e mail on DPO@ark.me.uk. Or Joe.Lee@ark.me.uk
Ark ICT Unit 6 Venture Court, Pinchbeck, Spalding PE11 3BG
Tel: 01775 720252 / 07815 041186
Reporting a Data Breach
If you believe that your personal or sensitive data has been compromised, please complete the 'Reporting a Breach' form available on collection from the office. All forms will be given to the Data Protection Officer.
What is GDPR?
GDPR stands for: General Data Protection Regulation. Although the school has been working in line with the Data Protection Act from 1998, new regulations in relation to your personal data come into effect from 25th May. Claypole Church of England Primary School will ensure that personal data is protected and kept safely and securely. It will ensure that its policy for data protection is used as the basis for collecting, storing, accessing, sharing and deleting personal data. The school will use the General Data Protection Regulations (GDPR) as the benchmark for its standard for protecting personal data.
The requirements of the GDPR will be met by this school as the basis for collecting, storing, accessing, sharing and deleting personal data. Data will be processed fairly lawfully and in a transparent manner. It will be used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It will be accurate and kept up to date and kept no longer than is necessary. Data will be processed in a manner that ensures appropriate security of the data.