Data Protection – The law is changing!
Good Counsel College processes data in line with the Data Protection Act.
The Data Controller for this school is the Principal, Mr Mark O’Brien and our Data Protection Policy can be found at this link.
On 25th May 2018, the new General Data Protection Regulations (GPDR) come into force and these will apply to all schools adding extra responsibilities to those of the Data Protection Act. Schools will have to ensure that the strategies they currently have in place for data protection are compliant and failure to do so could result in very heavy fines for breaches. Accountability is central to GPDR.
The 6 Principles of GPDR – will replace the existing 8 listed in our policy.
Data will be:
- Processed fairly lawfully and in a transparent manner
- Used for specified, explicit and legitimate purposes
- Used in a way that is adequate, relevant and limited
- Accurate and kept up to date
- Kept no longer than is necessary
- Processed in a manner that ensures appropriate security of the data
We will be working to ensure school is compliant with the new regulations. Many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act. However, there are new elements and significant enhancements so we will have to do some new things for the first time and change the way do some existing things. In order to identify fully what needs to be done school will be undertaking a full review/audit of existing data held in school. Training will be taking place to raise awareness of staff to the new regulations regarding data protection.
The GDPR explicitly states that children’s personal data merits specific protection and also introduces new requirements for the online processing of a child’s personal data.
Guidelines for Data Protection for Good Counsel College
The school will ensure that personal data is protected and kept safely and securely. It will ensure that its policy for data protection is used as the basis for collecting, storing, accessing, sharing and deleting personal data. The school will use the General Data Protection Regulations (GDPR) as the benchmark for its standard for protecting personal data.
- To ensure that decision makers and key people in school comply with the statutory changes to the GDPR coming into force on 25th May 2018.
- To ensure that there will be regular reviews and audits of the information we hold to ensure that we fully meet the GDPR statutory requirements.
- To document the personal data we hold, where it came from and with whom it will be shared.
- To ensure that data collection, data handling, data storage and data disposal procedures are in line with the GDPR and cover all the rights individuals have, including how personal data is deleted and destroyed.
- Data access request procedures will be handled within the timescales set out in the GDPR and we provide any additional information in line with the GDPR guidance.
- The processing of personal data will be carried out on a lawful basis as required by the GDPR.
- Where the school needs to seek consent, it will do so in a manner that meets GDPR standards.
- Any records of consent and the management of the process for seeking consent will also meet the GDPR standard.
- Where there is a personal data breach the procedures used to detect, report and investigate it will meet the requirements of the GDPR.
- The systems the school puts into place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity will meet the standard set in the GDPR.
- There will be a senior member of staff designated as the Data Protection Officer who will be given responsibility for data protection compliance.
- When the school requests data we will provide appropriate privacy notices to explain why data is being requested and the purposes for which it is used.
The requirements of the GDPR will be met by this school as the basis for collecting, storing, accessing, sharing and deleting personal data. Data will be processed fairly lawfully and in a transparent manner. It will be used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It will be accurate and kept up to date and kept no longer than is necessary. Data will be processed in a manner that ensures appropriate security of the data.
Our work on being compliant with the new regulations is a “work in progress” and this page will be updated as further information is available. Meanwhile, if you have any issues regarding current data protection in our school please do not hesitate to speak to the Principal, Mr Mark O’Brien.