GDPR and Al Aqsa School
As of the 25th May 2018, GDPR (General Data Protection Regulation) will update personal data rules and replace the previous Data Protection Act. The GDPR is focused on looking after the privacy and rights of the individual and based on the premise that consumers and data subjects should have knowledge of what data is held about them and how it is used.
Whilst the majority of pupil information you provide to the school is mandatory, some of it is provided to us on a voluntary basis. Under the new regulations, where consent is required to collect and use an individual’s information it now needs to be freely given, specific, informed and unambiguous. To ensure the school meet the new requirements there are a number of policies and procedures which will need to be updated. We know that complete GDPR compliance can only be achieved through a collaborative and transparent approach and we also want to ensure that this is comprehensive and complete.
We have been working on and updating the following:
- Identification of a Data Controller
- Data mapping and Data Asset Register
- Embedding data privacy into all our processes
- Information security risk
- Third party risk and our data partners
- Responding to individual complaints and data subject access requests (DSARs)
- Data Privacy Breach procedures
- Ongoing monitoring
If you have further queries, then please do not hesitate in contacting the school.