GDPR is the new EU legislation and stands for General Data Protection Regulation. It came into force on 25th May 2018 and replaced all data protection legislation in EU member states (including the UK’s Data Protection Act 1998 (DPA). The GDPR will not be affected by the UK’s decision to leave the EU.
GDPR applies to all organisations processing personal data, including schools and academies. The legislation will determine how data is processed and kept safe, and the legal rights individuals have in relation to their own data.
The GDPR sets out the key principles that personal data shall be:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with this purpose;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- Accurate, and where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisation measures.
The GDPR also provides the following rights for individuals:
- The right to be informed;
- The right of access;
- The right to rectification;
- The right to erasure;
- The right to restrict processing;
- The right to data portability;
- The right to object;
- Rights in relation to automated decision making and profiling.
The GDPR requires all compliant organisations to appoint a Data Protection Officer (DPO). The DPO is responsible for overseeing data protection within the school. The DPO for Halfway Junior School is detailed below:
Data Protection Officer
The Data Protection Officer is responsible for overseeing data protection within the school
so if you do have any questions in this regard, please do contact them on the information
Data Protection Officer: Judicium Consulting Limited
Address: 72 Cannon Street, London, EC4N 6AE
Telephone: 0203 326 9174
Contact name Patrick Ballantine
For further information about GDPR please visit the ICO website.
|Data Breach Policy.pdf
|Data Protection Policy.pdf
|Data Protection Registration Certificate 2023-24.pdf
|Data Retention Policy.pdf
|DFE privacy notice for attendance data collection.pdf
|Employee Privacy Notice HJS.pdf
|Freedom of information policy and publication scheme.pdf
|HJS Privacy Notice - How we use pupil information.pdf
|Information Security Policy October 2022_docx.pdf