Following the Data Protection Act 1998, the General Data Protection Regulation (GDPR) 2018 came into force on 25 May 2018. The GDPR only applies to personal information, ie, information about identifiable living individuals and to anyone who processes, stores or is the subject of personal data.
The Regulation lays down rules relation to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data:
- It protects the fundamental rights and freedoms of natural persons and, in particular, their right
to the protection of personal data.
- Anyone who records and uses personal information (data controllers) must be open about how the information is used and must follow the six principles of ‘good information handling’.
- All individuals (data subjects) have the right to see information that is held about them and the right to have information corrected if it is incorrect.
- The Regulation applies to all electronic records that contain information about living and identifiable individuals and extends data protection to manual files where the personal data of a data subject is readily accessible (a structured filing system).
- The main aim of the Regulation is to protect data from unnecessary, unauthorised or harmful use and to provide individuals with some control over the use of their personal data. Individuals have the right to take action for compensation caused by inaccurate, lost or destroyed data or unauthorised disclosure of information. They also have the right to complain to the Information Commissioner who may serve an enforcement notice and, in some circumstances, impose a financial penalty.
In collecting, using, storing and disposing of data, the Trust or an individual Academy will comply with the requirements of the GDPR that govern the processing of personal data. Under these requirements, information will be collected and used fairly, stored safely and not disclosed to any other person where to do so would be in breach of those requirements or would otherwise be unlawful.
If a request is made for information, in the majority of circumstances the issue will be resolved without reference to the GDPR. If a Data Subject specifically makes a request under this Regulation, then a formal procedure must be followed (see SARs below).
Click on the following links for more information:
- Trust Privacy Notice for Pupils and Parents
- Trust Privacy Notice for Staff
- Privacy Notice Appendix (please see individual Academy websites for their appendices)
Click on the link to read our Data Protection Policy
Subject Access Requests
Please read the attached policy below for information and procedures to follow should you wish to make a Data Subject Access Request.
We are now able to accept Data SARs verbally; however, we will always ask for confirmation of the request in writing so we can keep an accurate record of the information requested.
Once complete, the standard form should be either posted to the Trust Governance Manager, Greenwood House, Private Road No 2, Colwick Quays Business Park, NG4 2JY or emailed to: firstname.lastname@example.org.
If you require further information about the GDPR, this is available on the Information Commissioner's website at www.ico.org.uk
The Trust Data Protection Officer can be contacted on email@example.com or 0115 748 3310.