UK GDPR – General Data Protection Regulation
The Data Protection Act 2018 came into force on 25th May 2018 in the UK. The Act implements the General Data Protection Regulation (now UK General Data Protection Act) in national law. The UK GDPR has 2 key objectives:
To facilitate a free movement of data by creating a consistent data protection regime across the Union.
To provide a framework that more accurately reflects how we use data today and therefore better protect the rights and freedoms of individuals.
The school's data protection officer is John Walker
J. A. Walker, Solicitor
Office 7, The Courtyard
tel: 03337 729763
The School's Lead on day to day Data Protection is Ellen Mitchell (email@example.com)
Data Subject Rights
At its core, the UK GDPR is about ensuring the privacy of the individual. The UK GDPR provides data subjects with 8 rights that they may exercise when their personal data is being processed; these rights support the individual’s overarching right to privacy in their private life.
These rights include:
Right to be informed: Data subjects should expect to know the identify and contact details of the controller and their representative; why and how your data is being processed; if your data will be shared or passed on; how long your data will be stored; and what your rights are. This information is reflected in the Trust’s Privacy Notices.
Right to access: Data subjects have the right to obtain a copy of your personal data as well as to understand how and why your data is being used. This is commonly known as a Subject Access Request.
Right to object to automated decision making, including profiling: Where rights apply, data subjects can obtain human intervention; express your point of view; and obtain an explanation of the decision and challenge it. The right does not apply if the processing is required to fulfil a contract; has been authorised by member state law; or is based on explicit consent.
Right to object: Data subjects can object to us using your information in certain circumstances (please refer to the UK GDPR for the circumstances). This does not apply when we have lawful bases for processing your data, such as legal obligation or to protect the vital interests of a person.
Right to data portability: This right is not absolute. It allows data subjects to obtain/reuse your personal data for your own purposes across different services where data is processed by automated means; the right only applies to information you have provided to a controller. The processing has to be based on consent or where it is necessary to fulfil a contract.
Right to restriction: Data subjects can request that the processing of their data be restricted if one of the conditions set out in Article 18 applies (please refer to the UK GDPR for the conditions).
Right to erasure: Data subjects can request deletion of the data held about you, but only in certain circumstances, including if the data is no longer necessary for the purposes for which it was collected; if you withdraw consent on which the processing is based and where there is no other legal ground for the processing or you object to the processing and there are no overriding legitimate grounds for the processing; or if the data has been unlawfully processed, is to be erased for compliance with a legal obligation or has been collected in relation to the offer of information society services.
Right to rectification: Data subjects have the right to request that your information is updated to be made accurate, in the event where information held by us may no longer be accurate (such as your address). You also have the right to rectification when information we hold about you is incomplete, such as where the digit of a phone number is missing.
To exercise these rights, where they apply, please contact us through any of the means indicated on our Contact page.
Relevant policy documents and privacy notices (please click on the Tarka logo below to acces)
Trust links for policies and privacy notices (available on the Tarka Website):