General Data Protection Regulation (GDPR)
The General Data Protection Regulation 2018 and new Data Protection Act 2018 have strengthened and unified all data held within Chancery Multi Academy Trust and Excalibur Primary School. GDPR brings a new responsibility to inform parents and stakeholders about how we are using the data that we hold and who it is being used by.
Managing Personal Information
As an academy Chancery Multi Academy Trust and Excalibur Primary School collect and process data as part of our public functions under the Data Protection Act 2018 and the General Data Protection Regulation 2018. Most of the processing of personal data undertaken by the school will fall under a specific legal basis, 'in the public interest'. As it is in the the public interest to operate schools sucessfully, it will mean that specific content will not be needed in the majority of cases in school.
Excalibur Primary School recognises the need to protect personal data and places great emphasis on ensuring data remains secure and confidential. This applies to our manual and electronic records as well as to conversations we have about service-users and the services they receive.
Everyone working for Excalibur Primary School is aware of the requirements of the Data Protection Act (DPA) and their duty to keep personal data secure and confidential. This includes ensuring we only share personal data where we have the legal power to do so.
The Headteacher is responsible for the accuracy and safe-keeping of the data held. Please help to keep your child's records up to date by informing us of any change of circumstances.
You have the right to see your child's records if you wish. Please could you ask at the school office if you would like further details. An appointment will be required but their will be no fee to pay.
GDPR will ensure data is protected and will give individuals more control over their data, however this means Excalibur PRimary SChool has a greater accountability for the data:
- Under GDPR, consent must be explicitly given to anything that isn't within the normal business of the school, especially if it involves a third party managing the data. Parents (or the pupils themselves depending on their age) must express consent for their child's data to be used outside of the normal business of the school.
- School must appoint a Data Protection Officer and be able to prove that they are GDPR compliant.
- Schools must ensure that their third party suppliers who may process any of their data is GDPR compliant and must ave legally binding contracts with any company that processes any personal data. These contracts must cover what data is being processed, who it is being processed by, who has access to it and how it is protected,
- It is compulsory that all data breaches which are likely to have a detremental effect on the data subject are reported to the ICO within 72 hours.
Data Protection Officer
The Data Protection Officer for the Chancery Academy Trust and Excalibur Primary School is Jenny Whiston.
If you have any questions, or would like any further information you can contact Jenny on firstname.lastname@example.org
GDPR Guidance for Schools - ICO
Data Protection Register Entry Details for Chancery Multi Academy Trust