General Data Protection Regulations
All data held by the school is compliant with the General Data Protection Regulation of 2018 (GDPR). It is based on the Data Protection Act 1998 but brings many enhancements to the rights of individuals in regards to their personal data.
The GDPR increases the importance of data protection and emphasises accountability. As a school we think about how we use and manage data in everything we do. All personal data, electronic and paper copies, are stored on our secure server or in locked cabinets in locked rooms with access restricted on a 'need to know' basis.
The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
The GDPR provides the following rights for individuals:
|
|
|
The "Right of access" allows you to make a subject access request regarding the information the school holds about parents, pupils and staff.
There are 6 key principles to the GDPR that the school is accountable for:
- There must be a lawful reason for collecting personal data and it must be done in a fair and transparent way.
- Data must only be used for the reason it is initially obtained.
- No more data than is necessary should be collected.
- Data has to be accurate and there must be mechanisms in place to keep it up to date.
- Data should not be retained for longer than is necessary.
- The protection of personal data must be upheld.
Brackenbury has developed a comprehensive GDPR Data Protection Policy for all staff working in our school. All staff are trained annually and sign to agree full compliance. Our Data Manager is Margaret Austin.
The school's Data Protection Officer is Sarah Wilkes, School Business Manager at the Hangleton and Benfield federation.
Below is a copy of the Privacy Notice for the data we hold about pupils and their families.
Please click here to see our privacy statement.