1 / 103

GDPR – Privacy Notice Guidance

GDPR – Privacy Notice Guidance. This checklist is designed to help school leaders produce a privacy notice, which is a statutory requirement. It also suggests what you could include in a broader data protection policy. It is based on guidance from the Information Commissioner’s Office (ICO).

laruej
Download Presentation

GDPR – Privacy Notice Guidance

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GDPR – Privacy Notice Guidance

  2. This checklist is designed to help school leaders produce a privacy notice, which is a statutory requirement. It also suggests what you could include in a broader data protection policy. It is based on guidance from the Information Commissioner’s Office (ICO).

  3. What to include Tips

  4. Privacy notice (statutory requirement)

  5. Policy introduction You should explain that the school is a data controller and, as such, is registered with the ICO and complies with the principles of the Data Protection Act 1998.

  6. Fair processing You should set out the types of information you hold about pupils, staff and other groups, what you do with it and why you need it.

  7. You should also set out the other organisations you share information with. You may wish to make it clear that access to the information is only available to those who need it.

  8. Storage and disposal of information You should explain how confidential information will be kept secure while it is being stored or used by the school, and when it is being shared with others.

  9. You should also explain how the school will ensure that personal data is safely disposed of.

  10. Handling requests for information You should outline procedures for handling requests for information, including individuals’ rights of access to information, timescales for responding, and charges that may be made. This could be in an appendix to the policy/privacy notice.

  11. Data protection policy (non-statutory)

  12. The data protection principles A broader data protection policy could include information on the eight principles of data protection, along with a statement that the school will commit to them.

  13. Responsibilities of different groups A policy might also set out clear procedures for staff and governors to follow when handling personal data.

  14. Training for staff and governors A data protection policy could also include a statement on training and development to ensure that staff and governors are aware of their responsibilities under the legislation.

  15. Role description: Data Protection Officer (DPO)

  16. General information

  17. Contract type:[full-time or part-time]

  18. Salary:

  19. Location:

  20. Reporting to:[job title of line manager for the DPO]

  21. Responsible for:[job titles of staff members who will report to the DPO, if applicable]

  22. Budget responsibilities:[total budget the DPO will manage, if applicable]

  23. Purpose

  24. The DPO is responsible for monitoring compliance with current data protection law, and has the knowledge, support and authority to do so effectively. They oversee the school’s data protection processes and advise the school on best practice.

  25. Key responsibilities

  26. To:

  27. Advise the school and its employees about their obligations under current data protection law, including the General Data Protection Regulation (GDPR)

  28. Develop an in-depth understanding of the school’s processing operations, information systems, data security processes and needs, and administrative rules and procedures

  29. Monitor the school’s compliance with data protection law, by:

  30. Collecting information to identify data processing activities

  31. Analysing and checking the compliance of data processing activities

  32. Informing, advising and issuing recommendations to the school

  33. Ensuring they remain an expert in data protection issues and changes to the law, attending relevant training as appropriate

More Related