General Data Protection Regulation - GDPR
How will it affect our school and what will the changes mean for students and parents?
The GDPR is new legislation regarding the maintenance and protection of your personal data by those who have a lawful basis to process it. Walton High School’s lawful basis is ‘Public task’. This is because the processing is necessary for our official functions. For processing of additional data we will always ask your consent e.g. photography consent, trip consent etc. This is normally done at the start of the school year.
The new regulation means that you have greater control of the data we hold. For example, you have the right:
• for data to be rectified e.g. if you change address, phone number etc. you can let us know and we will update our records.
• to request what information we hold about you.
In line with the new regulations, Walton High School has audited all the data which is held about students, parents, staff, teaching school members and third parties. By doing this we can see exactly what data we have, who it can be shared with, who has access to it, the security in place and when and where the data can be securely destroyed.
Before working with any new system, we follow our new Data Impact Assessment. By using this, it helps us to see whether the processing of the data is necessary, whether additional consent is required and to ensure it is held securely.
To ensure accountability and transparency, all organisations must now appoint a Data Protection Officer. This must be someone who does not work with the data in School as this would create a conflict of interest. Therefore, our Data Protection Officer will be provided by Entrust at this stage. On a day to day basis, Mr Hodby will be the Data Protection Lead and will be able to provide information and advice about Data Protection.
The protection of all our data is taken very seriously and as such the School limits the data that is available to individual staff on the basis of their role. Any breach of data protection will be fully investigated and the Information Commissioner’s Office will be informed as per GDPR guidelines.