You will have heard that there is new regulations in place regarding how organisations handle personal data - it is called the General Data Protection Regulations and it became mandatory from May 25th 2018.
Our school handles a large amount of personal data. This includes information on pupils, such as assessments, medical information, images and much more. We also hold data on staff, governors, volunteers and job applicants.
As part of our daily work we also handle what the GDPR refers to as special category data, which is subject to tighter controls. This could be details on race, ethnic origin, biometric data or trade union membership.
Data regulations are nothing new, data is already governed by existing DPA regulations, which ensure personal data is handled lawfully. However, the new GDPR has gone further and requires organisations to document how and why they process all personal data, and gives enhanced rights to the individual.
With the increased emphasis on accountability will come more pressure on leaders to ensure their staff receive the necessary training. Systems in place will also impact anyone who handles personal data, even if that’s an attendance register.
From 25 May, any data subject (that’s someone whose data the school holds) can exercise certain rights with regards to their data. This means that a parent could ask for a school to produce all data it currently holds on their child, or a job applicant could ask you to erase all their details. Under the new law an individual could ask for their data in a portable form so they can pass it on to another organisation.
The school would be legally obliged to carry out these requests within 28 days of the request being given.
Although individuals were previously allowed to request access and an amend to any inaccuracies, they now have additional rights and the £10 fee has been waivered.
From 25 May, if we are informed of a breach to someone’s personal data, we may be required to inform the ICO. Under serious circumstances we may be required to inform the individuals whose data has been put at risk.
We have put some school policies here to help you to understand how we deal with data, what it will look like from now on and what you can expect in the way we handle and keep your data secure.