GDPR and Data Protection
The new European General Data Protection Regulation (GDPR) came into effect on 25 May 2018. The aim of the regulation is to ensure all personal data relating to living EU citizens (including the UK) is protected and the companies who work with such data are held accountable for its protection.
The Data Protection Act (DPA) 2018 has received Royal Assent and its main provisions also commenced on 25 May 2018. The new Act aims to modernise data protection laws to ensure they are effective in the years to come.
At Purley Oaks we have always been committed to data privacy and protection. However, to make sure we are operating at the highest standards, we have taken additional steps to ensure GDPR and DPA compliance. As an education provider with data collection at the core of many of our services, safeguarding personal data is of the utmost importance to us.
GDPR and DPA compliance is driven by the Board of Governors. Our main areas of focus and actions we have taken in preparation for GDPR/DPA are:
PERSONAL DATA REVIEW
- Reviewed all existing data policies and procedures to make sure they adhere to new legislation and uphold the highest standards of privacy and protection of personal rights
- Audited all data held and processed in the school, to confirm and record:
  - Nature and purpose of processing
  - Categories of data subject
  - Types of personal data held and processed
- Identified the lawful basis for all our personal data processing
- Rewritten our privacy policies to align with GDPR guidelines
- Reviewed all our procedures to align with the individual’s rights as specified under GDPR
- Updated our subject access request procedure to manage requests for data
PROCESSES, SUPPLIERS AND EMPLOYEES
- Reviewed our existing processes that cover data breach reporting and made necessary adjustments to accommodate GDPR rules
- Implemented the necessary Data Protection Impact Assessments for projects that may involve high-risk processing as covered under GDPR
- Reviewed contracts with existing suppliers to ensure all parties take account of their respective obligations under GDPR
- Trained staff on the new legislation to complement their existing training on data protection
Parents may also find this introduction to GDPR video helpful.