General Data Protection Regulation – GDPR
How will it affect our college and what will the changes mean for students and parents?
The GDPR is new legislation regarding the maintenance and protection of your personal data by those who have a lawful basis to process it. Painsley Catholic MAC’s lawful basis is ‘Public task’. This is because the processing is necessary for our official functions. For processing of additional data we will always ask your consent e.g. photography consent, trip consent etc. This is normally done at the start of the school year.
The new regulation means that you have greater control of the data we hold. For
example, you have the right:
- for data to be rectified e.g. if you change address, phone number etc. you can let us know and we will update our records.
- to request what information we hold about you.
In line with the new regulations, schools in the Painsley Catholic MAC have audited all the data which is held about students, parents, staff, teaching school members and third parties. By doing this we can see exactly what data we have, who it can be shared with, who has access to it, the security in place and when and where the data can be securely destroyed.
Before working with any new system, schools in the Painsley Catholic MAC will follow our new Data Impact Assessment. By using this, it helps us to see whether the processing of the data is necessary, whether additional consent is required and to ensure it is held securely.
To ensure accountability and transparency, all organisations must now appoint a Data Protection Officer. This must be
someone who does not work with the data in College as this would create a conflict of interest. Therefore, our Data
Protection Officer will be a member of staff from one of the other schools in our Multi Academy Company. As soon as we know who that will be, we will inform you. On a day to day basis, Mrs Baskeyfield will be the Data Protection Lead and will be able to provide information and advice about Data Protection.
The protection of all our data is taken very seriously and as such the College limits the data that is available to individual staff on the basis of their role. Any breach of data protection will be fully investigated and the Information Commissioner’s Office will be informed as per GDPR guidelines.