DATA PROTECTION ACT 2018 (DPA 2018)
In order to provide an effective education system that can respond to the needs of all children, systems are used that improve and standardize communication between schools and the County Council. Much of this data is held on computer systems and is subject to the Data Protection Act. The Data Protection Act says that information must only be used for the purpose for which it is collected. In the case of each child, the information will only be used by teachers to help the child’s progress, by the DfE and educational professionals. Parents may request to know what information is being held in relation to their child by writing to the Headteacher of the child’s present school. Further information regarding Data Protection can
be obtained from the Northumberland County Council (NCC) website
http://www.northumberland.gov.uk/About/Contact/Information.aspx.
The Eight DPA Principles
There are eight principles of good information handling outlined in the act that state that data must be:-
- Fairly and lawfully processed
- Processed for limited purposes
- Adequate, relevant and not excessive
- Accurate
- Not kept for longer than is necessary
- Processed in line with your rights
- Secure
- Not transferred to other countries without adequate protection
General Data Protection Regulations (GDPR)
The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of the Data Protection Act like the GDPR came into force on 25 May 2018. The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) came into force on 25 May 2018 in order to strengthen and unify data protection for all individuals within the European Union. It has replaced the Data Protection Act 1998 to ensure that all data held within our school is processed, stored and safeguarded in accordance with this new legislation. Any data breach received by the school, under the new Regulations, which is likely to cause personal damage e.g., identity theft, will be reported to the ICO (Information Commissioner’s Office) within 72 hours from notification.*
The Data Protection Officer (DPO) for Morpeth All Saints CE First School is:-
Mr. M. Tait Chief Operating Officer – Cheviot Learning Trust
Morpeth All Saints CE First School subscribes annually to the ICO (Information Commissioner’s Office). Information about your rights under GDPR can be found on the Information Commissioner’s website.