GDPR: General Data Protection Regulation
What is the GDPR?
The General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the Data Protection Act 1998 in the UK. It is part of the wider package of reform to the data protection landscape that includes the Data Protection Bill. The GDPR sets out requirements for how organisations will need to handle personal data from 25 May 2018.
What information does the GDPR apply to?
The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
What are the rules on security under the GDPR?
The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used.
Who should I contact if I have concerns around data protection?
Data Protection Officer: Mr Jonathan Peck
As a ‘public authority’, schools and colleges require a designated data protection officer to take responsibility for overall data protection compliance. At Penpol School the DPO is Mr Jonathan Peck.
Data Controller: Mrs Vicki Woolcock
The data controller determines the purposes for and the manner in which any personal data is held, or is to be processed. The data controller at Penpol School is Mrs Vicki Woolcock.
Below you will find a variety of documents that support Penpol School policy and GDPR legislation that may apply to pupils, parents, employees, governors and stakeholders.
The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. Penpol School are registered with the ICO and this authority will support us for GDPR purposes.