What is GDPR?

GDPR stands for: General Data Protection Regulations.  Although the school has been working in line with the Data Protection Act from 1998, new regulations in relation to your personal data came into effect from 25th May 2018. Aston Clinton School will ensure that personal data is protected and kept safely and securely. Our Data Protection Policy is used as the basis for collecting, storing, accessing, sharing and deleting personal data. The school will use the General Data Protection Regulations (GDPR) as the benchmark for its standard for protecting personal data.

Objectives

• To ensure that decision makers and key people in school comply with the statutory changes to GDPR which came into force in May 2018
• To ensure that there are regular reviews and audits of the information we hold to ensure we fully meet the GDPR statutory requirements.
• To document the personal data we hold, where it came from and with whom it will be shared.
• To ensure that data collection, data handling, data storage and data disposal procedures are in line with  GDPR and cover all individual rights, including how personal data is deleted and destroyed.

Strategies

• Data access request procedures are handled within the timescales set out in the GDPR and we provide any additional information in line with that guidance.
• The processing of personal data is carried out on a lawful basis as required by GDPR.
• Where the school needs to seek consent, it does so in a manner that meets GDPR standards.
• Any records of consent and the management of the process for seeking consent meets the GDPR standard.
• Where there is a personal data breach the procedures used to detect, report and investigate it, meet the requirements of GDPR.
• The systems the school puts into place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity meet the standard set out under GDPR.
• Data protection by design and data protection impact assessments comply with the ICO’s code of practice on privacy impact assessments, as well as with the latest guidance.
• The school has a Data Protection Officer who has responsibility for data protection compliance.
• When the school requests data we provide appropriate privacy notices to explain why data is being collected and the purposes for which it is used.

Outcomes

The requirements of GDPR are met by this school as the basis for collecting, storing, accessing, sharing and deleting personal data. Data is processed fairly, lawfully and in a transparent manner. It is used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It is accurate, up to date and kept no longer than is necessary. Data is processed in a manner that ensures its appropriate security.