General Data Protection Regulations, or GDPR, is a system that has been designed to protect the personal data and privacy rights of all citizens within the European Union. The new regulations will bring the UK into line with the current rules governing countries including Germany, Canada and Australia. The GDPR will replace the Data Protection Act 1998 on 25th May 2018.
The GDPR places greater emphasis on the documentation that data controllers ('The School') must keep to demonstrate their accountability.
What does GDPR actually do?
GDPR Does a few things:
What is personal data?
The definition of personal data under GDPR is given as being:
' Any information relating to an identified or identifiable person (data subject); an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person'.
Who are Data Controllers and Data Processors?
The Data controller is the person or organisation which determines purposes and means of the processing of personal data.
The data processor is the person or organisation which processes the personal data on behalf of the controller.
What rights do Data Subjects have?
Data subjects - the living individuals that the personal data being processed relates to have the following rights under GDPR:
Individuals have an increased right of access to their data and it's use.
All individuals will have a right to obtain confirmation that the data controller is processing their personal data. They will be able to request access to all their personal data that you are processing including what data you are processing, why you are processing it, who it is being shared with and how it will be retained.