GENERAL DATA PROTECTIONREGULATION (GDPR)
The newEuropean General Data Protection Regulation (GDPR) law will come into effect on25 May 2018. The objective of this law is to ensure all personal data relating toliving EU citizens (including the UK) is protected and that those who areentrusted with such data are held accountable for its protection.
The City Learning Trust CLT) and its member academies are committed to data privacy and protection and is taking all necessary steps to ensure GDPR compliance. The GDPR principles will be embedded in our data processing so that parents/carers, pupils, staff, volunteers and visitors are assured that we handle their personal data respectfully, and do so inline with the law.
GDPR complianceis driven by the Trust Board and our main areas of focus / actions taken toprepare for GDPR are listed below:
- The Trust’s data protection policy has been rewritten in line with GDPR. All existing and related policies and procedures will also adhere to new legislation and uphold the highest standards of privacy and protection of personal data rights.
- A thorough data audit has been carried out across the Trust to identify all data held and processed. We have recorded:
Ø The nature and purpose of processing.
Ø Categories of data subjects.
Ø Types of personal data held and processed.
Ø Identified the lawful basis for all ourpersonal data processing.
Ø Detailed the retention period for all data.
Ø Detailed how data will be securely stored and disposed of.
Ø Detailedwho we share data with.
- Our policies and privacy notices conform to the legislation for protection of children’s data.
- We have re-written our privacy notices for staff, pupils and parents/carers to align with GDPR guidelines.
Our processes will ensure that:
- All procedures align with the individual’s rights as specified under GDPR.
- Subject Access Request procedure to manage requests for data is in line with GDPR
- Seeking, recording and managing consent is in line with GDPR.
Processes,Contracts and Employees of the Trust
- We will implement, when necessary, Data Protection Impact Assessments for projects that may involve high risk processing as covered under GDPR.
- A new addendum added to contracts with existing contractors to ensure all parties take account of their respective obligations and responsibilities under GDPR.
- All staff are well informed of the new legislation. GDPR awareness training will be included in the Trust’s annual training cycle.
- We have appointed a Data Protection Officer.
The Trust willcontinue to publish updates regarding GDPR over the coming months. In the meantime if you have any queriesplease contact the Trust’s Data Protection Officer:
City Learning Trust
Stoke on Trent
CLT GDPR Data Protection Policy
CLT Records Management Consent Form
GDPR Consent Form
GDPR letter to parents
Privacy Notice to Parents and Carers
Privacy Notice to Pupils