General Data Protection Regulation (GDPR)
Data Protection governs how information about living people (such as pupils and staff) is collected and used.
GDPR is about personal data. This means data which relates to an individual who can be identified from that information. It does not affect all the records the school or academy trust holds because much of it will not contain personal data.
GDPR became law on 25 May 2018. It has a number of changes from the previous Data Protection Act. The main new feature of data protection under the GDPR is an accountability principle, meaning that the organisation does not only have to comply, but it has to be able to demonstrate that it complies.
The Information Commissioner’s Office (ICO) is the national regulator of data protection legislation. If there is something that we, as an academy trust, are doing that is not quite as it should be a complaint can be made to the ICO.
N.B. the ICO website is a key place to find further information on GDPR. Here is the link:
St Francis Church of England Primary School is part of the Fioretti Trust and therefore Fioretti Trust is the Data Controller and responsible for compliance under GDPR.
Privacy Notices are what we use to explain to people why we collect information and what we are going to do with it, such as if we are going to share it with anyone else.
Data Protection Officer (DPO)
Fioretti Trust has instructed Judicium to act as their Data Protection officer (DPO) and Judicium have audited all of its schools.
GDPR makes it a requirement for all public authorities (including schools) and large organisations to have a designated DPO. If you wish to contact the school directly about a query related to the GDPR please email: email@example.com
Judicium can also be contacted for advice:
Data Protection Officer: Judicium Consulting Limited
Address: 72 Cannon Street, London, EC4N 6AE
Telephone: 0203 326 9174
Lead Contact: Craig Stilwell
Procedures for individuals to exercise their rights
The GDPR gives individuals various rights around their data. The main one is being able to request a copy of the information held about them, but it also gives them the right to do things like request that information is corrected (if inaccurate).
The Trust's policies related to GDPR are available for you to view by following the link on the website under "Policies."