UK GENERAL DATA PROTECTION REGULATION
Data Protection and the UK GDPR
As the UK transitional arrangements expired on 31 December 2020, there were some practical changes for Data protection and the GDPR.
To comply with the Data Protection, Privacy and Electronics Communications (Amendments etc) (EU Exit) Regulations 2019 please note that every policy, notice and procedural guide that refers to "GDPR" shall now be read as "UK GDPR".
The rights, responsibilities and data protection that the Data Protection Act 2018 and the DGPR are not changed.
Our procedures and arrangements will not change.
The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data.
‘Personal data’ means information that can identify a living individual.
The UK GDPR sets out the key principles that all personal data must be processed in line with.
Data must be: processed lawfully, fairly and transparently; collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed; accurate and kept up to date; held securely; only retained for as long as is necessary for the reasons it was collected
There are also stronger rights for individuals regarding their own data.
The individual’s rights include: to be informed about how their data is used, to have access to their data, to rectify incorrect information, to have their data erased, to restrict how their data is used, to move their data from one organisation to another, and to object to their data being used at all.
The School's Data Protection Office Service is provided by
YourIG Data protection Officer Service
3-5 St James's Road