G.D.P.R. (General Data Protection Regulation)

 

GDPR Statement for Parents/Carers and Pupils

We take your privacy very seriously and work to the highest standard to keep your data safe.  The General Data Protection Regulation (GDPR), came into force on the 25th May 2018, and it provides all of our stakeholders with an opportunity to reflect upon the measures that we have in place to protect data.

We are committed to comply with all relevant EU and Member State laws in respect of personal data.  We are also committed to the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR).  Ongoing compliance is embedded in all processes and policies throughout Albany Village Primary School.

Who is responsible for Personal Data?

Under the GDPR, Albany Village Primary School is a Data Controller, a Data Processor, or both.  Our role differs depending on how we use the data collection and handling process.

Under GDPR as a Data Controller we define how and why personal data is collected, stored, and used.  We also utilise data processors – third parties that process the data we control on your behalf.

Albany Village Primary School will achieve compliance by ensuring personal data is processed lawfully, transparently, and for a specific purpose.  Once the purpose is fulfilled and the data is no longer required it will be deleted, as stated within our Data Retention Policy.

Albany Village Primary School already complies with existing legislation, the Data Protection Act 1998, and school is experienced at working within such regulations.  However, under GDPR it is necessary to make some changes to policies and procedures.

We are registered with the Information Commissioner's Office as Data Processor

  • We utilise a wide range of security measures in line with the recommendations provided by ICO (Information Commissioner's Office)
  • We implement additional security measures including advanced firewalls, enhanced virus protection on all servers, regular data backup, username/password/PIN to control access, automatic suspicious activity detection and logging etc.
  • We have provided data protection training to all teaching and support staff.
  • We carry out due-diligence with all third party data processors. 
  • We will continue to share the specific details of personal data collected in our Privacy Notices, bespoke to staff, parents and pupil. These notices are publicly available on our website. 
  • We have completed a data mapping audit of the data that we process and store.  We have reviewed our data breach incident response procedure.

If you would like to read more about GDPR, the following video on YouTube, provides an excellent visual story of a school’s GDPR journey.

https://www.youtube.com/watch?v=Ua_LzUJ_wu8&t=1s