What is GDPR?
GDPR stands for: General Data Protection Regulation. Although Leigh Trust and our schools have been working in line with the Data Protection Act from 1998, new regulations in relation to your personal data come into effect from 25th May.
Leigh Trust and our Schools will ensure that personal data is protected and kept safely and securely. We will ensure that our policy for data protection is used as the basis for collecting, storing, accessing, sharing and deleting personal data. Leigh Trust and our schools will use the General Data Protection Regulations (GDPR) as the benchmark for its standard for protecting personal data.
Data access request procedures will be handled within the timescales set out in the GDPR and we provide any additional information in line with the GDPR guidance.
The processing of personal data will be carried out on a lawful basis as required by the GDPR.
Where Leigh Trust or a school within Leigh Trust needs to seek consent, we will do so in a manner that meets GDPR standards.
Any records of consent and the management of the process for seeking consent will also meet the GDPR standard.
Where there is a personal data breach the procedures used to detect, report and investigate it will meet the requirements of the GDPR.
The systems Leigh Trust and its schools puts into place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity will meet the standard set in the GDPR.
Data protection by design and data protection impact assessments will meet with the ICO’s code of practice on privacy impact assessments as well as with the latest guidance.
When Leigh Trust or a school within Leigh Trust requests data we will provide appropriate privacy notices to explain why data is being and the purposes for which it is used.
For the purposes of GDPR Leigh Trust is the 'data controller'. The Data Protection Officer for the trust is Mr Thomas Blewitt who can be contacted on firstname.lastname@example.org
Each of our academies is a 'data processor' with a named Local Compliance Officer and their details can be found on the schools website alongside being referenced in each of the Privacy Notices.
The requirements of the GDPR will be met by Leigh Trust and our Schools as the basis for collecting, storing, accessing, sharing and deleting personal data. Data will be processed fairly lawfully and in a transparent manner. It will be used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It will be accurate and kept up to date and kept no longer than is necessary. Data will be processed in a manner that ensures appropriate security of the data.
Please see further documents relating to Data Protection Policies and procedures and Privacy Notices below:-