Data Protection (GDPR) & Privacy
)Data Protection is and always has been important to us at St. George’s and we take data security and confidentiality very seriously.
Any personal data we collect from persons involved in the school in any way e.g. children, families, staff, governors, volunteers etc is kept securely and only shared as necessary and is held and treated within all relevant school policies and procedures.
Data Protection procedures changed under new regulations called GDPR which came into force on 25th May 2018 as the Data Protection Act 2018.
GDPR has been put into place to give data subjects control of their data and organisations processing that data (including schools) more responsibilities in relation to how they collect, process, store, share and destroy data. It’s not just about information technology, but all types of personal data we hold as an organisation.
GDPR requires us to not only minimise any risks to the unauthorised access and loss of personal data within the organisation, but also to provide evidence and documentation of our processing activity.
In order to demonstrate our commitment to GDPR compliance we are doing the following:
- Documenting our processing activity, including ensuring we have a lawful basis for processing
- Auditing this processing and identifying and creating an action plan to mitigate any risks to personal data
- Documenting the compliance of third-party providers and reviewing contracts to ensure compliance with GDPR
- Ensuring that we have processes and procedures in place to ensure the rights of data subjects
- Reviewing the technical and organisational measures in place to protect data
- Training staff and Governors on GDPR and our data handling procedures.
We have also appointed an external organisation, Data Protection Education Ltd. as our Data Protection Officer.
As a school we collect and process large amounts of data. We take our responsibility as custodians of this data very seriously and embrace the opportunities GDPR provides to make improvements in how we handle data.
GDPR is a long-term project and we are committed to developing a privacy programme that becomes a cornerstone of our approach to data in the school. Whilst there will be changes, we are committed to ensuring that there is no negative impact on teaching and learning and the welfare of students and staff.
For more information contact the Data Protection Lead who is the Head Teacher or the school office: firstname.lastname@example.org.
The Data Protection Officer can be contacted at email@example.com