Data Protection
Following the Data Protection Act 1998, the General Data Protection Regulation (GDPR) 2018 came into force on 25 May 2018. The GDPR only applies to personal information, ie, information about identifiable living individuals and to anyone who processes, stores or is the subject of personal data.
The Regulation lays down rules relating to the protection of natural persons with regard to the processing of personal data and rules relating to the free movement of personal data:
- It protects the fundamental rights and freedoms of natural persons and, in particular, their right
to the protection of personal data. - Anyone who records and uses personal information (data controllers) must be open about how the information is used and must follow the six principles of ‘good information handling’.
- All individuals (data subjects) have the right to see information that is held about them and the right to have information corrected if it is incorrect.
- The Regulation applies to all electronic records that contain information about living and identifiable individuals and extends data protection to manual files where the personal data of a data subject is readily accessible (a structured filing system).
- The main aim of the Regulation is to protect data from unnecessary, unauthorised or harmful use and to provide individuals with some control over the use of their personal data. Individuals have the right to take action for compensation caused by inaccurate, lost or destroyed data or unauthorised disclosure of information. They also have the right to complain to the Information Commissioner who may serve an enforcement notice and, in some circumstances, impose a financial penalty.
In collecting, using, storing and disposing of data, the Trust or an individual Academy will comply with the requirements of the GDPR that govern the processing of personal data. Under these requirements, information will be collected and used fairly, stored safely and not disclosed to any other person where to do so would be in breach of those requirements or would otherwise be unlawful.
If a request is made for information, in the majority of circumstances the issue will be resolved without reference to the GDPR. If a Data Subject specifically makes a request under this Regulation, then a formal procedure must be followed (see SARs below).
More information about data within our Trust can be found within our policies including:
- Data Protection Policy
- CCTV and Surveillance Policy
- Data Breach Notification Policy
- Records Management Policy
These can be accessed on our policies page: Trust Policies and Statutory Documents
Privacy Notices
Exceed Academies Trust is the Data Controller for all personal data processed by our schools. Our statutory privacy notices explain how we collect, use, store and share personal information. These notices apply to all Trust schools.
Pupil and family Privacy Notice
If you require further information about the GDPR, this is available on the Information Commissioner's website at www.ico.org.uk
The Trust has appointed Ruth Jarvis as its Data Protection Officer (DPO). The role of the DPO is to inform and advise the Trust on its data protection obligations. The DPO can be contacted at info@exceedacademiestrust.co.uk
We keep a record of when and how we got consent from the individual to process their personal data. Should you wish to withdraw consent please contact the DPO advising of the consent you wish to withdraw - info@exceedacademiestrust.co.uk
SUBJECT ACCESS REQUESTS (SARs)
Please read the Data Subject Access Request Policy for information and procedures to follow should you wish to make a Data Subject Access Request. The policy can be accessed on our policies page: Trust Policies and Statutory Documents
Whilst Data SARs can be made verbally, we will always ask for confirmation of the request in writing so that we can keep an accurate record of the information requested. To support with this, you may wish to use the form below.
Data Subject Access Request Form
Once complete, the standard form should be either posted to the Data Protection Officer, Exceed Academies Trust, Dawnay Road, Bradford, BD5 9LQ or emailed to: info@exceedacademiestrust.co.uk
