The General Data Protection Regulation (GDPR) took effect from 25th May 2018. In response to the associated changes to data protection legislation, Holy Trinity CE Primary School notices and policies regarding the processing of personal data reflect these requirements. These documents can be found below.
Our Data Protection Officer
As a public body we have appointed Grow Partners Ltd as its Data Protection Officer (DPO). The responsible contact is David Coy, contactable via firstname.lastname@example.org. Our Data Protection Officer will inform, advise and monitor compliance at all times through regular audits.
School Data management
For further information about the schools data management please contact Alison Bateman Head Teacher email@example.com or April Owens Finance Officer firstname.lastname@example.org
Phone: 0208 940 2730
Address: Holy Trinity CE Primary School, Carrington Road, Richmond TW10 5AA
Declaration of Compliance
The new EU General Data Protection Regulation (GDPR) took effect on 25 May 2018 and impacts every organisation which holds or processes personal data. It introduces new responsibilities, including the need to demonstrate compliance and more stringent enforcement. GDPR imposes new obligations on organisations, including those in the education and charity sector, that control or process relevant personal data and introduces new rights and protections for EU data subjects.
Holy Trinity CE Primary School is committed to high standards of information security, privacy and transparency. We place a high priority and importance on protecting and managing data in accordance with Article 6 and Article 9 of the GDPR accepted standards.
To ensure we deliver best practice, our programme of compliance includes:
- Contracts with third party suppliers: we are working with our third party suppliers as both as data controller and processor to address GDPR compliance
- Policy Development: we have in place an updated control framework and group specific privacy notices to incorporate GDPR obligations for those we collect, use and hold data for.
- Data collection and consent: we have in place a Data Protection Policy as well as processes to ensure consent is given freely and explicitly.
- Data Impact Assessments & Data Inventory: we have undertaken (and will continue to do so at regular intervals) a systematic review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews and our structural position in relation to purpose, lawfulness, accuracy, consent, confidentiality, record keeping and accountability. Policies in place include Document Retention and Breach Management.
- Training & Awareness: we undertake training across the Trust on GDPR, its impact on the new policies, procedures, and responsibilities of all staff and stakeholders in this new regime.
- Supplier & Partner relationships: where relevant and related, we will be using all reasonable endeavours to ensure that our third party and suppliers are complying with the GDPR.
- Technology: we are reviewing our technology platforms to analyse their operation, security and compliance in order to ensure that they meet GDPR standards and identify any gaps and risks.
Our Data Protection Officer will inform, advise and monitor compliance of the School both as a data controller and processor. Our School Team will implement tools as appropriate that support the process, provide necessary security and ongoing delivery of GDPR objectives.