Data Protection

From 25 May 2018 processing of personal data by organisations has had to comply with the General Data Protection Regulation/Data Protection Act 2018. These rules gives a clear set of rights to everyone in society as well as making clear the responsibilities of organisations which handle or process information about people (or 'Data Subjects' as they are known). GDPR applies to 'Data Contollers' and 'Data Processors'.

A 'Data Controller' determines the purposes and means of processing personal data.

A 'Data Processor' is responsible for processing personal data on behalf of a controller.

Rudyard Kipling Primary School is a Data Controller as we collect or generate data about pupils, parents/guardians, staff and visitors. Please read our privacy notice here.

Data Subjects' rights under GDPR:

Right to be informed

Right of access

Right to rectification

Right to object

Right to restriction of processing

Right to erasure

Right to object

Right to data portability

Rights related to automated decision making including profiling

Data Controllers’ obligations:

To maintain records of all processing activities (Article 30 GDPR);

To cooperate and consult with supervisory authorities (Article 31 GDPR);

To ensure a level of security (Article 32 GDPR);

To notify the supervisory authorities in the event of a data breach (Article 33 GDPR);

To conduct a data protection impact assessment (Article 35 GDPR);

To assist data subjects with exercising their rights to privacy and data protection (Chapter III GDPR).

Our school's Data Protection Officer is Mr. Steven Chennells

The section below contains the documentation and procedures our school has put in place to ensure we are compliant and that the rights of our data community are respected.