Home | Latest News | GDPR Information

GDPR Information

What is the GDPR?

The GDPR is a piece of EU-wide legislation that sets out the rules on two things:

  • How organisations, including schools, will process people’s personal data and keep it safe
  • The legal rights people have over their own data

It will apply to all schools from 25th May 2018, and the UK government has confirmed it will apply even after the UK leaves the EU.

The changes are intended to protect sensitive or confidential information about people, including school staff and pupils.

 What will be different under the GDPR?

The GDPR is similar to the Data Protection Act (DPA) 1998, which is what schools comply with at the moment, but strengthens and builds on many of the DPA’s principles. It has been described as “evolution not revolution”, but there are some key changes.

  • All schools must appoint a data protection officer
  • Schools must comply with subject access requests within a month (not 40 days), and in most cases can no longer charge a fee
  • The Information Commissioner’s Office (which upholds information rights in the UK) must be notified within 72 hours of a data breach
  • Schools must demonstrate how they comply with the rules
  • Schools need to carry out ‘data protection impact assessments’ when they want to use data in new ways, or implement new technologies
  • Privacy notices need to include some extra information
  • Consent for using someone’s data must be freely given, specific, informed and unambiguous – a higher standard than before
  • There are new, special protections for children’s data in the context of commercial internet services, such as social networkingAll schools must appoint a named data protection officer to:

What does a data protection officer do?

  • Advise the school on data protection issues
  • Monitor the school’s compliance with the GDPR and any other relevant data protection law
  • Ensure the school’s policies on data protection are followed
  • Deal with and report data breaches
  • Organise relevant data protection training
  • Report to governors/trustees on the school’s GDPR compliance
  • Act as a contact point for the whole school community and Information Commissioner’s Office on any data protection issues
  • Advise on the need to conduct ‘data protection impact assessments’ if anyone in school wants to collect data in a new way (e.g. a teacher wants to use a new classroom app that requires pupils’ or parents’ personal data)

Who are the Data Protection Officers at the Hornchurch Academy Trust?

  • ​Whybridge Junior School – Ms D McGahey c/o Scargill Infant School
  • Scargill Junior School – Mr C W Hobson c/o Whybridge Junior School
  • Scargill Infant School – Mrs A Ireland c/o Scargill Junior School

What new documents do I need to sign as a parent?

  • GDPR Consent Letter
  • HAT Pupil Privacy Notice
  • On Line Consent Form

How do I request information under the new law?

  •  ​Complete a Subject Access Request

 

Please find links below for documents relating to What is GDPR - documents that parents/carers would need to sign

 

 

Please find links below for documents relating to What is GDPR - documents that parents/carers would need to sign

 

Secuirty Breach and Prevention Management Plan

HAT Cookies Policy

Data Protection Policy and Privacy Notice

HAT Pupil Privacy Notice

Subject Access Request Form

 

 




CEOPS