GDPR

GDPR (General Data Protection Regulations)

The General Data Protection Regulation replaces the Data Protection Act; which is designed to strengthen and unify the safety and security of all data held within an organisation.

DATA PROTECTION PRINCIPLES

The data protection principles are:

• personal data processed fairly and lawfully
• personal data obtained for one or more lawful purposes
• personal data shall be adequate and up to date
• personal data shall be adequate, relevant and not excessive
• personal data shall not be kept longer than necessary
• personal data shall be processed in accordance with the acvt
• technical and organisational measures shall be taken against unauthorised processing
• personal data shall not be passed outside the EEA unless that country ensures adequate level of protection for the rights and freedoms of the data subject

Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Mrs Lisa Thompson (Data Protection Lead) 

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress
• prevent processing for the purpose of direct marketing
• object to decisions being taken by automated means
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

If you would like to discuss anything in this privacy notice, please contact: Amy Brittan, School Development Officer, Somerset LA – dposchools@somerset.gov.uk

UPDATE

Brexit and data protection

The UK has now officially left the EU, and laws about international data transfers have changed.

The UK is yet to be granted an ‘adequacy decision’ by the EU which will allow data to flow without additional safeguards. However, the UK and EU have put a temporary arrangement in place, detailed within the UK-EU Trade and Cooperation Agreement which came into force on 1st January 2021.

This allows the current transitional arrangement to continue. Personal data can continue to flow from the EU/EEA to the UK for up to six months, on the condition that the UK makes no major changes to its data protection laws. This gives the EU Commission time to consider granting an adequacy decision to the UK.
 

The UK has retained the General Data Protection Regulation in domestic law, and GDPR in the UK is retitled ‘UK GDPR’.

Once the additional transitional arrangement has concluded, we will provide updated documentation.