GENERAL DATA PROTECTION REGULATION (GDPR)
The new European General Data Protection Regulation (GDPR) law will come into effect on 25 May 2018. The objective of this law is to ensure all personal data relating to living EU citizens (including the UK) is protected and that those who are entrusted with such data are held accountable for its protection.
The City Learning Trust (CLT) and its member academies are committed to data privacy and protection and is taking all necessary steps to ensure GDPR compliance. The GDPR principles will be embedded in our data processing so that parents/carers, pupils, staff, volunteers and visitors are assured that we handle their personal data respectfully, and do so in line with the law.
GDPR compliance is driven by the Trust Board and our main areas of focus / actions taken to prepare for GDPR are listed below:
Personal Data Review
- The Trust’s data protection policy has been rewritten in line with GDPR. All existing and related policies and procedures will also adhere to new legislation and uphold the highest standards of privacy and protection of personal data rights.
- A thorough data audit has been carried out across the Trust to identify all data held and processed. We have recorded:
- The nature and purpose of processing.
- Categories of data subjects.
- Types of personal data held and processed.
- Identified the lawful basis for all our personal data processing.
- Detailed the retention period for all data.
- Detailed how data will be securely stored and disposed of.
- Detailed who we share data with.
- Our policies and privacy notices conform to the legislation for protection of children’s data.
- We have re-written our privacy notices for staff, pupils and parents/carers to align with GDPR guidelines.
Our processes will ensure that:
- All procedures align with the individual’s rights as specified under GDPR.
- Subject Access Request procedure to manage requests for data is in line with GDPR
- Seeking, recording and managing consent is in line with GDPR.
Processes, Contracts and Employees of the Trust
- We will implement, when necessary, Data Protection Impact Assessments for projects that may involve high risk processing as covered under GDPR.
- A new addendum added to contracts with existing contractors to ensure all parties take account of their respective obligations and responsibilities under GDPR.
- All staff are well informed of the new legislation. GDPR awareness training will be included in the Trust’s annual training cycle.
- We have appointed a Data Protection Officer.
The Trust will continue to publish updates regarding GDPR over the coming months. In the meantime if you have any queries please contact the Trust’s Data Protection Officer:
City Learning Trust
Stoke on Trent
Tel No: 07940514736