What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data. It will apply from 25 May 2018 to organisations that process or handle personal data, including schools.
It’s similar to the Data Protection Act (DPA) 1998 in many ways. Most of the differences involve the GDPR building on or strengthening the principles of the DPA.
Article 5, in chapter 2 (page 117), sets out six principles of data processing. These say that personal data must be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which the data is processed
- Accurate and kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the data is processed
- Processed in a way that ensures appropriate security of personal data.
Right of access to personal data “subject access request”
You have the right to access the personal data that the school holds about you. It is helpful to make the request writing to the DATA LEAD in the school.
We take the security of personal data seriously so we may ask you for proof of identity to verify that you are entitled to the information requested.
Subject Access Requests Outside of Term Time
A request for information may be received during or less than one month prior to a school holiday.
Where a request is made prior to a holiday period the School will seek to respond prior to that holiday commencing, however where this is not possible then the School will inform the requester that this is the case.
Requests for information received during extended holiday periods may not be able to be responded to within the one month response period. The School will in those circumstances send out an initial acknowledgement of the request as set out in Annex 1 of the Schools procedures, followed by a further acknowledgement as soon as possible following commencement of the next term setting out details of when a full response will be provided (being not more than one month of commencement of that term).