The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
‘Personal data’ means information that can identify a living individual.
Main principles
The GDPR sets out the key principles that all personal data must be processed in line with.
Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed; accurate and kept up to date; held securely; only retained for as long as is necessary for the reasons it was collected
There are also stronger rights for individuals regarding their own data.
The individual’s rights include: to be informed about how their data is used, to have access to their data, to rectify incorrect information, to have their data erased, to restrict how their data is used, to move their data from one organisation to another, and to object to their data being used at all.
Please note that when completing our new data collection forms parent/carers are taking responsibility to gain permission from a third party, ie grandparent etc, with regards to sharing contact details.
What is GDPR?
The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. The new regulations brought higher standards for handling personal data and greater expectations for improved transparency, enhanced data security and increased accountability for the processing of personal data.
Ashurst Primary School has a legal duty to comply with the requirements of the GDPR. The legislation brings with it the responsibility to inform parents and stakeholders about how we are using pupils' data and who it is being used by.
What does GDPR mean for schools?
A great deal of the processing of personal data undertaken by the school falls under the specific lawful basis of ‘legal obligation’ or 'public task’, This means that specific ‘consent’ will not be required in the majority of cases in school. In limited circumstances, we will obtain your consent; for example, if we want to place photographs of pupils on our website, in the newspaper or on social media. Where you do consent to us collecting and using personal information, you have a right to withdraw your consent at any time.
The school must ensure that their third party suppliers who may process any of their data are GDPR compliant.
It is a requirement that data breaches which are likely to have a detrimental effect on the data subject are reported to the Information Commissioners Office (ICO), the regulator for all matters relating to data protection within 72 hours of discovery.
At Ashurst Primary School we have always valued and protected our pupils, parents and staff personal data and continue to do so in the presence of GDPR.
The school has an appointed Data Protection Officer (DPO) :
HY Education
Unit 1, Reed House
Hunters Lane
Rochdale
Greater Manchester
OL16 1YL
They can be contacted by telephone 0161 543 8884 or by email at DPO@wearehy.com
Further information about the legislation can be found on the ICO website at www.ico.org.uk
Our Governor for GDPR is Mr Chris Forrest.