On the 25th May 2018, the General Data Protection Regulations (GDPR) come into force in the UK. These are new data protection regulations build upon the Data Protection Act of 1998. The GDPR require public authorities and businesses to identify the lawful basis for storing personal data, audit information we already hold and take a ‘data protection by design and default’ approach to personal data.
We take data protection very seriously at Tenterfield Nursery School. In line with GDPR requirements, we have appointed a Data Protection Officer to oversee our approach to data management and protection who can be contacted via the school.
Schools process a lot of personal data relating to pupils and staff in order to carry out their functions. They also acquire personal data relating to other people including, for example, parents/carers, governors, members of the local community, suppliers, contractors and consultants.
In order to ensure that we comply with the new regulations, we are reviewing our current policies and practices. We have therefore updated our privacy notices in line with the new requirements. These can be found here:
- Data Protection Policy (327KB)
To learn more about the General Data Protection Regulation, please visit the Information Commissioner’s Office website on http://ico.org.uk
Individual rights regarding personal data
Individuals have a right to make a ‘subject access request’ to gain access to personal information that the school holds about them.
Parents/carers can make a request with respect to their child’s data where the child is not considered mature enough to understand their rights over their own data, usually under the age of 12.
If a parent makes a subject access request, and if we do hold personal information about parent or child, then we will:
- Give a description of it
- State why we are holding and processing it, and how long we will keep it for
- Explain where we got it from, if not from parent or child
- State who it has been, or will be, shared with
- Advise whether any automated decision-making is being applied to the data, and any consequences of this
- Provide a copy of the information in an intelligible form
Individuals also have the right for their personal information to be transmitted electronically to another organisation in certain circumstances.
Any requests should be made to our data protection officer. Our data protection officer (DPO) is Mr Patrick Aikman: firstname.lastname@example.org