UK GDPR – General Data Protection Regulation
The Data Protection Act 2018 came into force on 25th May 2018 in the UK. The Act implements the General Data Protection Regulation (now UK General Data Protection Act) in national law. The UK GDPR has 2 key objectives:
- To facilitate a free movement of data by creating a consistent data protection regime across the Union.
- To provide a framework that more accurately reflects how we use data today and therefore better protect the rights and freedoms of individuals.
Data protection and the GDPR – January 2021
As the UK transitional arrangements expired on 31 December 2020, there are some practical changes for Data Protection and GDPR.
To comply with the Data Protection, Privacy and Electronic Communications (Amendments, etc.) (EU Exit) Regulations 2019, please note that every policy, notice and procedural guide that refers to ‘GDPR’ shall now be read as ‘UK GDPR’.
The rights, responsibilities and data protection that the Data Protection Act 2018 and the GDPR are not changed. Our procedures and arrangements will not change.
If you would like to discuss anything about Data Protection, or if you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance please email email@example.com or write to:
The Data Protection Officer
C/O The Park Community School,
Alternatively, as The Park Community School is part of the Tarka Learning Partnership (TLP), you can also contact the TLP’s Data Protection Officer, John Walker via any of the following means:
John Walker, J A Walker Solicitors, Office 7, The Courtyard, Gaulby Lane, Stoughton,Leicestershire, LE2 2FL
Telephone: 03337 729763
Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/.
For more information about how we handle personal information and your rights, please refer to the further information below and our Privacy Notices listed here.
- Common to all Privacy Notice
- Privacy Notice for Students
- Privacy Notice for School Workforce
- Privacy Notice for Job Applicants
- Privacy Notice for School Trips
- Privacy Notice for Governors
- Privacy Notice for Alternate Provision
Any individual, or person with parental responsibility, or young person with sufficient capacity to make a request is entitled to ask what information is held. This is known as a Subject Access Request (SAR). Please see click on the links below to see our SAR Process and Protocol below and also the form to submit a SAR to the school.
Data subject rights
At its core, the UK GDPR is about ensuring the privacy of the individual. The UK GDPR provides data subjects with 8 rights that they may exercise when their personal data is being processed; these rights support the individual’s overarching right to privacy in their private life. These rights include:
Right to be informed: Data subjects should expect to know the identify and contact details of the controller and their representative; why and how your data is being processed; if your data will be shared or passed on; how long your data will be stored; and what your rights are. This information is reflected in the Trust’s Privacy Notices.
Right to access: Data subjects have the right to obtain a copy of your personal data as well as to understand how and why your data is being used. This is commonly known as a Subject Access Request.
Right to object to automated decision making, including profiling: Where rights apply, data subjects can obtain human intervention; express your point of view; and obtain an explanation of the decision and challenge it. The right does not apply if the processing is required to fulfil a contract; has been authorised by member state law; or is based on explicit consent.
Right to object: Data subjects can object to us using your information in certain circumstances (please refer to the UK GDPR for the circumstances). This does not apply when we have lawful bases for processing your data, such as legal obligation or to protect the vital interests of a person.
Right to data portability: This right is not absolute. It allows data subjects to obtain/reuse your personal data for your own purposes across different services where data is processed by automated means; the right only applies to information you have provided to a controller. The processing has to be based on consent or where it is necessary to fulfil a contract.
Right to restriction: Data subjects can request that the processing of their data be restricted if one of the conditions set out in Article 18 applies (please refer to the UK GDPR for the conditions).
Right to erasure: Data subjects can request deletion of the data held about you, but only in certain circumstances, including if the data is no longer necessary for the purposes for which it was collected; if you withdraw consent on which the processing is based and where there is no other legal ground for the processing or you object to the processing and there are no overriding legitimate grounds for the processing; or if the data has been unlawfully processed, is to be erased for compliance with a legal obligation or has been collected in relation to the offer of information society services.
Right to rectification: Data subjects have the right to request that your information is updated to be made accurate, in the event where the information held by us may no longer be accurate (such as your address). You also have the right to rectification when the information we hold about you is incomplete, such as where the digit of a phone number is missing.
To exercise these rights, where they apply, please contact us through email firstname.lastname@example.org.
Lawful basis for processing
The lawful bases Tarka Learning Partnership rely on when handling personal data include, but are not limited to:
- legal obligations;
- vital interests;
- public interests;
- Right to withdraw consent
If the Trust has used consent as the lawful basis for processing your data, you have the right to withdraw this consent at any time. To exercise this right, please contact the GDPR Lead via email email@example.com.
Use of the website
The Park Community School website exists to provide you with information about the Trust. You do not have to provide us with any personal information to access the website.
The vast majority of personal information we hold about you via the website will be obtained if you contact us by email, phone or post using the contact details given on our website. We will ensure that all personal data you supply to us is held in accordance with data protection law.
The Tarka Learning Partnership Related Policies
Please also link to the TLP website for our Trust Policies on CCTV, Confidentiality, and Records Management Policy & Schedule.