The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
‘Personal data’ means information that can identify a living individual.
The regulation will apply to all schools from 25 May 2018, and will apply even after the UK leaves the EU.
What are the main principles of GDPR?
GDPR sets out the key principles that all personal data must be processed in line with.
Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed; accurate and kept up to date; held securely; only retained for as long as is necessary for the reasons it was collected.
What type of Data does Brixham College hold?
In some circumstances such as Parentpay or online homework platforms this data is held and managed by a third party. If a third party manages data on our behalf we refer to their own policies, but we do make sure that they comply with data protection laws before we use them.
Any organisation has to have a lawful basis to hold data on an individual. For example the lawful basis we keep some data would be under a legal obligation to protect and safeguard a child or another in the public Interest for us to be able to perform our role in education.
What is a Privacy Notice?
What is 'Right of Access'?
What is the right of access?
The right of access, commonly referred to as subject access, gives individuals the right to obtain a copy of their personal data as well as other supplementary information. It helps individuals to understand how and why organisations are using their data, and check that they are doing it lawfully. In order to request data held by an organisation the individual concerned needs to submit a ‘Subject access request’.
How do I submit a subject access request?
To submit a subject access request (SAR) to Brixham College we have attached a form that must be completed and returned.
When an SAR is submitted the college has a duty to respond within 1 month of submission. The response would either contain the data requested or an earlier response may ask for further clarification of the data requested.
In most cases we will ask for proof of identity and you may be required to provide two forms of identification including photo id.
How do I make a complaint about Data Protection and information?
Complaints regarding an organisation with regards to Data Protection and GDPR should be made to the Information Commissioners Office either via their website https://ico.org.uk/concerns/ or by calling their helpline number 0303 123 1113.
Where can I find out more information about GDPR ?
GDPR is governed by the Information Commissioners Office (ICO) who are responsible for the UK data protection laws. For more information you can refer to their website https://ico.org.uk/for-the-public/ or by calling 0303 123 1113.
Where is the College data protection policy?
The Brixham College data protection policy can be found here:
Success in Learning, Success in Life at a Values Led College.