Tamar Way, Didcot, Oxon OX11 7LH Telephone: 01235 819143 Fax: 01235 819200 E-mail: office.3859@all-saints.oxon.sch.uk

Data Protection and GDPR

general data protection regulation (GDPR)

The General Data Protection Regulation is a piece of EU-wide legislation which determines how personal data is processed and kept safe and the legal rights that individuals have in relation to their own data.  It came into effect on 25th May 2018 and applies to all organisations that process or handle personal data, including schools.  This legislation is similar to the Data Protection Act (DPA) 1998 - either building on or strengthening its principles.  The legislation also gives guidance as to how long information can be held and our Retention Policy outlines how this works within our school for the different types of information that we hold.  A copy of our Retention Policy is available here.

 

privacy notices

We issue Privacy notices annually to all children, parents, staff and volunteers that we process personal information about.  These explain why we process information, what we do with it, our legal basis for processing and your right to make a complaint and other rights in relation to access and correcting inaccurate information.

The privacy notices can be accessed here (pupils) , here (staff ) and  here (volunteers).

 

subject access requests (SAR)

 If you wish to have access to the data we hold on you/your child you will need to complete an SAR (Subject Access Request) form.  Please read the Privacy notice as this includes details about what you can request.  The SAR should be returned to the Data Protection Officer.  All requests should be responded to within a month however if the request is made when the school is closed there will be some delay. The request will be dealt with as soon as possible when the school reopens.

 

consent

The majority of pupil information which we hold is provided to us on a mandatory basis there are some aspects of information that are provided on a voluntary basis.  We will always inform parents whether the information we are requesting is required or voluntary - if it is voluntary we will ask if you are happy for us to hold that information and also how we can use it.  For example, publicity - we already ask for permission to use personal information for publicity purposes, including photographs, names and childrens' work.

data breaches

We are required under GDPR to notify the Information Commisioners' Office within 72 hours of any data breaches where an individual is likely to suffer some form of damage, such as through identity theft or a confidentiality breach.

Further information is available here.

 

data protection officer

Lisa Robinson, School Business Manager: dpo@all-saints.oxon.sch.uk or 01235 819143