Click here for the Data Protection Policy

Data Protection Policy

 

1. Introduction

The Data Protection Act 2018 provides a legal framework for data protection in the United Kingdom (UK). It incorporates the General Data Protection Regulations (GDPR), the legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU) and is sometimes referred to as UK GDPR.

UK GDPR significantly updates previous Data Protection law to reflect changes in technology and the way organisations collect and use information about people in the 21st century. It regulates the processing of personal data and gives rights of privacy protection to all living persons.
In accordance with the DPA, we at Storth School recognise that we collect and process personal data and because we decide how and why we do that, we are data controllers. This means that we have legal obligations to people regarding how we handle their data and we must register as a data controller with the Information Commissioner’s Office (ICO must register us with the Information Commissioner’s Office (ICO). Anyone can read the details of our ICO notification by going online to https://ico.org.uk/esdwebpages/search and entering our registration number. Data controllers are normally organisations and not people although our headteacher is responsible for everything we do day-to-day and we have appointed a Data Protection Officer (DPO).
Contact our DPO on 015395 62517 or email them at: head@storth.cumbria.sch.uk
We recognise that when we process personal data it can involve collecting, recording, organising, storing, altering, retrieving, using, disclosing, restricting, and erasing or destroying it, and there can be risks associated with that processing to the people whose data it is. Failure to adequately protect people’s personal information can result in significant, even life-changing harm to some individuals, distress, loss of public trust in us, and legal repercussions including fines and other sanctions.

1.1. Policy purpose

Through this policy we aim to ensure that current and future pupils, staff, volunteers, and other partner organisations can feel confident that our school is a safe and secure place to learn or work, and to demonstrate our commitment to protecting the rights and privacy of everyone whose data we handle by setting out:
• our obligations in the context of what we do;
• clear roles, responsibilities, reporting and management structures aimed at protecting people’s personal data and their rights;
• clear procedures for handling data to achieve our aim of taking reasonable and proportionate steps to protect people.

Please click the link at the top of the page to download the full document.