You will have heard that there is new regulations in place regarding how organisations handle personal data - it is called the General Data Protection Regulations and it became mandatory from May 25th 2018.
Our school handles a large amount of personal data. This includes information on pupils, such as assessments, medical information, images and much more. We also hold data on staff, governors, volunteers and job applicants.
As part of our daily work we also handle what the GDPR refers to as special category data, which is subject to tighter controls. This could be details on race, ethnic origin, biometric data or trade union membership.
Data regulations are nothing new, data is already governed by existing DPA regulations, which ensure personal data is handled lawfully. However, the new GDPR has gone further and requires organisations to document how and why they process all personal data, and gives enhanced rights to the individual.
With the increased emphasis on accountability will come more pressure on leaders to ensure their staff receive the necessary training. Systems in place will also impact anyone who handles personal data, even if that’s an attendance register.
Any data subject (that’s someone whose data the school holds) can exercise certain rights with regards to their data. This means that a parent could ask for a school to produce all data it currently holds on their child, or a job applicant could ask you to erase all their details. Under the new law an individual could ask for their data in a portable form so they can pass it on to another organisation.
The school would be legally obliged to carry out these requests within 28 days of the request being given.
Although individuals were previously allowed to request access and an amend to any inaccuracies, they now have additional rights and the £10 fee has been waivered.
If we are informed of a breach to someone’s personal data, we may be required to inform the ICO. Under serious circumstances we may be required to inform the individuals whose data has been put at risk.
To ensure that we remain compliant we had to appoint a DPO (Data Protection Officer) and this role is being fulfilled at our school by H Y Education (tel: 0161 5438884)
However, if you have any concerns in the first instance please relay them through DPO@infinityacademies.co.uk.
A copy of our policy "IAT-CW-025 Privacy Notice Relating to Pupil Information" is available upon request.