What is GDPR?
General Data Protection Regulations, or GDPR, is a system that has been designed to protect the personal data and privacy rights of all citizens within the European Union. The new regulations will bring the UK into line with the current rules governing countries including Germany, Canada and Australia. The GDPR replaced the Data Protection Act 1998 on 25th May 2018.
The GDPR places greater emphasis on the documentation that data controllers (‘The School’) must keep to demonstrate their accountability.
What does GDPR actually do?
GDPR does a few things:
- It defines what is meant by ‘personal data’
- It confers rights on ‘data subjects’
- It places obligations on ‘data controllers’ and ‘data processors’
- It creates principles relating to the processing of personal data
- It provides penalties for failure to comply with the above
What is personal data?
The definition of personal data under GDPR is given as being:
‘ Any information relating to an identified or identifiable person (data subject); an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person’.
Who are Data Controllers and Data Processors?
The Data controller is the person or organisation which determines purposes and means of the processing of personal data.
The data processor is the person or organisation which processes the personal data on behalf of the controller.
What rights do Data Subjects have?
Data subjects – the living individuals that the personal data being processed relates to have the following rights under GDPR:
- The right to be informed what data you are using, why and for what purpose
- The right of access – you can see what data we are processing if you request
- The right of rectification – if your data is wrong, we have to correct it
- The right to erasure
- The right to restrict processing – you can ask us to stop using your data unless we have legitimate legal basis to continuing to do so
- The right to object – you can object to us using your data unless we have an overriding legitimate reason to continue
Individuals have an increased right of access to their data and it’s use
All individuals will have a right to obtain confirmation that the data controller is processing their personal data. They will be able to request access to all their personal data that you are processing including what data you are processing, why you are processing it, who it is being shared with and how it will be retained.
To read more about what information we collect and how we protect it, please view our Privacy Notices below:
Job Applicant Privacy Notice
Staff Privacy Notice
Trustee Privacy Notice
Visitor Privacy Notice
Suppliers, Consultants and Contractors Privacy Notice
Volunteers Privacy Notice
The Data Protection Officer (DPO) for St Mary’s School is Claire Mehegan. Claire can be contacted on 07903 506725 or email firstname.lastname@example.org