On the 25th May 2018, the new and updated General Data Protection Regulation (GDPR) – came into force.
What is the General Data Protection Regulation (GDPR)?
To put it simply, the GDPR is a new data protection regulation designed to strengthen and unify the safety and security of personal data held within an organisation (including schools, academies and other educational establishments).
How will GDPR affect schools?
The GDPR does not change the way schools, academies and trusts handle their data and the way information is managed, but it does strengthen the rights of individuals; pupils, parents, governors, volunteers and staff members over their data, how it is used, stored and shared. Consequently, our Trust will regularly review and audit our use and storage of data to ensure we are compliant with the new regulation.
Steps taken to ensure compliance with the GDPR
- Established a protocol to regularly audit the information our Trust holds and our practices for storing and sharing it
- Reviewed our current privacy notices and re issued these to all stakeholders.
- Revised our data processing policy to ensure our procedures cover all the rights individuals have under GDPR.
- Reviewed how we seek, obtain and record consent for data processes.
- Marish Academy Trust’s Data Protection Officer (DPO) is Miss Sophie Holmes. She is contactable on sophie.holmes@marishandwillow.
Further information can be found in the following documents.
- GDPR PRIVACY STATEMENT PUPILS
- GDPR PRIVACY STATEMENT SCHOOL WORKFORCE
- DATA PROTECTION POLICY
- Model Publication Model
We now use Pupil Asset for our data mangement system. the links included here explain how we remain GPDR compliant and also include a link showing what is to be done if it is required to make an enquiry about data that is being held