General Data Protection Regulations (GDPR)
Upton Westlea Primary School complies with the General Data Protection Regulation. (GDPR) which became law on 25th May 2018. As a controller and processor of data, most of the information we process, we do so as our role as educators and in undertaking public task. For anything outside of this we would seek parental consent.
The six principles of GDPR are that data should be:-
- Processed fairly lawfully and in a transparent manner
- Used for specified, explicit and legitimate purposes
- Used in a way that is adequate, relevant and limited
- Accurate and kept up to date
- Kept no longer than is necessary
- Processed in a manner that ensures appropriate security of the data
The School’s data protection officer (DPO) has been appointed through 'Safeguarding Monitor'. The DPO is tasked with monitoring compliance with the GDPR as well as being a point of contact with the Information Commissioner’s Office (ICO), the organisation which regulates data protection. The DPO can be contacted by emailing firstname.lastname@example.org
Individuals, including children, have rights with regards the information that is held on them. Those rights are as follows:-
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision making and profiling
Subject access request (SAR)’s should be made in writing to the Head Teacher by emailing email@example.com Responses to subject access requests will be made within one month.
In the event of a data breach, the DPO will contact the ICO. We are committed to only working with partners who are also GDPR compliant.
Please refer to our policies on GDPR and CCTV as well as our privacy notices for adults and children and some information from Unicef about the rights of the child under the United Nations Convention.