General Data Protection Regulation (GDPR)
The General Data Protection Regulation 2018 and new Data Protection Act 2018 have strengthened and unified all data held within Leycroft Academy. It is our responsibility to inform parents and stakeholders about how we are using the data that we hold and who it is being used by.
Managing Personal Information
You have the right to see your child’s records if you wish. Please ask the school office if you would like more details.
The Headteacher is responsible for the accuracy and safe-keeping of the data held. Please help to keep your child’s records up to date by informing the school of any changes in circumstances.
Leycroft Academy recognises the need to protect personal data and places great emphasis on ensuring data remains secure and confidential. This applies to manual and electronic records as well as conversations we have about service users and the services they receive. Everyone at Leycroft Academy is aware of the requirements of the Data Protection Act (DPA) and of their duty to keep personal data secure and confidential. This includes ensuring we only share personal data where we have the legal power to do so.
As an Academy, Leycroft Academy collects and process data as part of our public functions under the Data Protection Act 2018 and the General Data Protection Regulation 2018. Most of the processing of personal data undertaken by the school will fall under a specific legal basis, “in the public interest”. As it is in the public interest to operate schools successfully, it will mean that specific content will not be needed in the majority of cases in school.
GDPR Requirements
GDPR will ensure that data is protected and will give individuals more control over their data, however this means Leycroft has a greater accountability for the data:
- Under GDPR, consent must be explicitly given to anything that isn’t within the normal business of the school, especially if it involves a third party managing the data. Parents (or the pupils themselves depending on their age) must express consent for their child’s data to be used outside of the normal business of the school.
- School must appoint a Data Protection Officer and be able to prove that they are GDPR compliant.
- School must ensure that their third party suppliers who may process any of their data is GDPR compliant and must have legally binding contracts with any company that processes any personal data. These contracts must cover what data is being processed, who it is being processed by, who has access to it and how it is protected.
- It is compulsory that all data breaches which are likely to have a detrimental effect on the data subject are reported to the ICO within 72 hours.
Data Protection Officer
- The Data Protection Officer for the Forward Education Trust: James Plant
- If you have any questions or would like further information, please contact James at dpo@fet.ac