At St. Patrick’s, we take your privacy very seriously and work to the highest standard to keep your data safe. We welcome the introduction of the General Data Protection Regulation (GDPR), which came into force on the 25th May 2018. It provides all of our stakeholders with an opportunity to reflect upon the measures that we have in place to protect data.
We are committed to compliance with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the General Data Protection Regulation (GDPR). Ongoing compliance is embedded in all processes and policies throughout the academy.
Who is responsible for Personal Data?
Under the GDPR, we are recognised as a Data Controller, Data Processor, or both. The requirements differ depending on our role in the data collection and handling process.
As a Data Controller, under the new GDPR, we define how and why personal data is collected, stored and used. We also utilise data processors – third parties that process the data we control on your behalf.
We will achieve compliance by ensuring personal data is processed lawfully, transparently, and for a specific purpose. Once the purpose is fulfilled and the data is no longer required, it will be deleted, as stipulated within our Data Retention Policy.
GDPR at St. Patrick’s School
- We are registered with the Information Commissioner’s Office as Data Processor.
- We utilise a wide range of security measures in line with the recommendations provided by ICO (Information Commissioner’s Office).
- We have implemented additional security measures including advanced firewalls, enhanced virus protection on all servers, regular data backup, username/password/PIN to control access, automatic suspicious activity detection and logging etc.
- We provide bespoke data protection training to all teaching and support staff.
- We carry out due-diligence with all third party data processors.
- We will continue to share the specific details of personal data collected in our Privacy notices, bespoke to staff, parents and pupils. The revised notices are publicly available on our website.
- We have completed a comprehensive data mapping audit of the data that we process and store. We have also reviewed our data breach incident response procedure.
If you would like to read more about GDPR, the following video on YouTube, provides an excellent visual story of a school’s GDPR journey.
- GDPR Schools Data Protection Policy
- Disposal of Records Schedule Retention Guidelines for Schools
- Privacy notice for pupils and parents
- GDPR Schools Data Subject Access Request Form
- GDPR Your Info Your Rights Leaflet
You may need a product like Adobe Reader (free download) to view our PDF documents on our website.