QES Special News 2017-18
GDPR - Our Journey So Far
GDPR stands for the General Data Protection Regulation, which is the new European data protection law coming in to force on 25 May 2018.
The GDPR will replace the 1995 Data Protection Directive, on which UK law is currently based. The new regulation aims to take personal data much more seriously, and organisations will incur significant fines if they are found to be in breach.
Despite UK plans to leave the European Union, this legislative change will still affect the UK, as our government is implementing a new Data Protection Bill, which is largely the same at the GDPR.
We are working hard to ensure we comply with GDPR and have workgroups in school looking at and updating our practices to ensure we protect the data we hold and continue to improve how we work.
We have the support of our Health and Safety advisors and a legal team who are working with us to advise on changes in legislation, documents and the new processes we are putting in place. We have also appointed a Data Protection Officer who is liaising with our Leadership Team and Trustees to ensure that we comply with the new regulation.
We welcome the opportunity to review and improve our processes and procedures, ensuring we continue to offer excellent standards of information security and data protection. We have already completed a number of GDPR-related actions and have summarised them below:
- Data Protection Officer appointed
- Data flow mapping exercise and data audit
- Privacy Notice released - please click here
- Prepared plans to launch a digital system (SIMS Parent)that parents can use to check the accuracy of data we hold about pupils and keep consent for non-statutory activities up to date
- Data Breach reporting process in place - please click here for data protection policy
- Subject access request - please click here for data protection policy
- Supplier management
- Technical measures and acceptable user agreement for staff
Last modified: Friday, 25 May 2018, 10:53 AM