The EU’s General Data Protection Regulation (GDPR) was introduced to bring together a common approach to the use of personal data ensuring all data protection laws are applied in the same way in every country within the EU. It will protect EU citizens from organisations using their data irresponsibly and puts you in charge of what information is shared, where and how it is shared.
Transparency is a key requirement of GDPR and the first principle is that information must be processed lawfully, fairly and transparently.
Previously under the Data Protection Act 1998, a data protection statement was the way in which the Council informed individuals about the use of their personal information.
Under GDPR, a more detailed and extensive notice is required and the many ways in which the Council will use personal information must be clearly explained.
Previously you were asked to allow the Council to use personal information through means such as the annual data check or through consent forms for trips etc. The changes brought about by GDPR mean that a reliance on consent may not be appropriate.
The key purpose of this change is to put you in control of your own data and your child’s data.
You have a right to be informed as to how the Council uses information about you and this will be done though issuing you with a privacy notice. Privacy notices are not optional, they are mandatory under GDPR.
A privacy notice is a statement about how personal information obtained by the Council will be used. When you have been advised about how your personal information will be used it should not be used for other purposes, unless there is a strong reason for doing so.
The school will have to make sure that when it requires information from you that there is a clear explanation of what is required, what it will be used for and how long the information will be retained for. When this is required you will be issued with a privacy notice.
Annually this will happened when the data check is undertaken and this will include educational trips and excursions. This privacy notice will also enable your personal data to be shared with other departments in the Council and only as appropriate e.g. with educational psychologists, the additional support needs team or social work.
There are key external agencies with whom we need to share your data in order that the Council and specifically Education Services has a secure system to manage your personal data. These are listed on the privacy notice too. The school will be able to provide you with further explanation about what these key agencies are if you require further information
Any other requirement for personal data will be accompanied by a separate privacy notice explain clearly the reason for this.
If you require any further information about the detail related to GDPR , follow this link to the Information Commissioner’s Office at https://ico.org.uk/
Should you have any questions or concerns about the Council’s handling of your personal data you can contact the Council’s Data Protection Officer. Karen Donnelly, Data Protection Officer, East Dunbartonshire Council.