The General Data Protection Regulation 2018 (GDPR) establishes the protection of individuals with regard to the processing of personal date. The introduction of the GDPR brings higher standards and enhanced security for the handling of personal data, to which the school has a legal duty to comply.
What is General Data Protection Regulation?
A European Law which came into effect on 25 May 2018, ensuring all European countries apply data protection laws in a unified manner across all states. It is designed to protect EU Citizens from having their personal data misused by organisations, and puts the individual in charge of what, where and how their information is shared.
What is Personal Data?
Personal data means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Who processes Personal Data?
Any person that collects, manages and stores personal data is know as a Data Processor. It is the responsability of each data processor to follow GDPR guidelines and ensure that peronal data is used in the correct way. Ask yourself the following questions:
- Do I store any data that can identify individuals? (Example: a spreadsheet with names and email addresses of students, a resume, a list of people with specific dietary requirements)
- Am I storing this data for a specific purpose?
- How long do I need the data for?
- Have I stored this data in a secure location?
Best practices and expected behaviour
The School Data Protection Officer offers guidance and support to ensure that the school has the correct measures in place to be GDPR compliant. It is the responsibility of each staff member to follow basic rules in order to minimise risk and ensure the data we manage remains safe. Here are some Data Privacy guidelines. As per guidelines, Personal Data is only stored on school-approved systems, network shared folders and official cloud based systems (Google and Firefly). Personal data is only shared with staff members if they have a specific business purposes that requires access this information. Key Data is only kept for as long as it is needed.