The GDPR, which came in to force on 25th May 2018 as the Data Protection Act 2018, is a step change in data protection and privacy law in the UK. It's not just about information technology, but all data we hold as an organisation.
It is in place to give data subjects control of their data and gives organisations processing that data (including schools) more responsibilities in relation to how they collect, process, store, share and destroy data. It's not just about information technology, but all data we hold as an organisation.
Please take the opportunity to watch the short video clip below.
GDPR Mind Map for Parents
As a school we collect and hold a great deal of personal data - not only about students, but also staff, parents, volunteers, visitors, suppliers and other 'data subjects'. GDPR requires us to not only minimise any risks to the unauthorised access and loss of personal data within the organisation, but also to provide evidence and documentation of our processing activity.
In order to demonstrate our commitment to GDPR compliance we are doing the following:
We have appointed Merton Council, as our Data Protection Officer.
As a school we collect and process large amounts of data. We take our responsibility as custodians of this data very seriously and embrace the opportunities GDPR provides to make improvements in how we handle data.
GDPR is a long-term project and we are committed to developing a privacy programme that becomes a cornerstone of our approach to data in the school. Whilst there will changes, we are committed to ensuring that there is no negative impact on teaching and learning and the welfare of students and staff.
The Data Protection Officer is Derek Crabtree and he can be contacted at schoolsDPO@merton.gov.uk
Please find attached our Data Protection Policy