On 25th May 2018, the General Data Protection Regulation (GDPR) will become law in all European member states, including the United Kingdom who will still be a member at that time.
The new Regulation will replace the Data Protection Act 1998 (DPA) which was developed at a time when most data processing was still paper-based. There was also a limited understanding of the impact that technology would have on the way we process data.
Ormiston Academies Trust is the organisation which is in charge of personal information – Data Controller
The postal address of the Academy Trust is:
Ormiston Academies Trust
Ormiston House
144, Newall Street
Birmingham
B3 1RY
The Data Protection Officer (DPO) for the Trust is James Miller. He can be contacted via [email protected] / 0121 262 4725
The Data Protection Lead (DPL) at the Academy is Ro Johnson – Data and Admin Officer
General Data Protection Regulation (GDPR)
Introduction
On 25th May 2018, the General Data Protection Regulation (GDPR) will become law in all European member states, including the United Kingdom who will still be a member at that time.
The new Regulation will replace the Data Protection Act 1998 (DPA) which was developed at a time when most data processing was still paper-based. There was also a limited understanding of the impact that technology would have on the way we process data.
The purpose of the GDPR is to:
In drafting it, the EU’s aim was to design it as a living document and future-proof the wording. They have also made it ‘technology neutral’ which means that the same regulatory principles apply regardless of the technology used.
If you hold information which falls within the scope of the Data Protection Act 1998, it will also fall within the scope of GDPR. The GDPR principles are similar to the DPA, but there is a new accountability requirement – you will have to demonstrate how you comply.
The following terminology will be used in this course.
Data subject means the person whose personal data is being processed.
Personal data means any information relating to a natural person or data subject that can be used directly or indirectly to identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking sites or a computer IP address. Sensitive personal data includes information about racial or ethnic origin, political opinions, medical information and genetic and biometric data where it is used to uniquely identify an individual.
Data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is to be processed.
Data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
Processing information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
Privacy Notice for Pupils/Parents, detailing how we use information and what we do with it can be found by clicking here