The General Data Protection Regulation (GDPR) came into force on 25th May 2018 and replaced the Data Protection Act of 1998.
Under GDPR 'Personal Data' is defined as;
"Any information relating to an identified or identifiable natural person (data subject); an identifiable person is one who can be identified directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person."
As an example, this means that an IP address and a Students Unique Pupil Number (UPN) are both classed as 'personal data' as they can be used to identify an individual.
Under the GDPR legislation Cullompton Community College is a Data Controller so we determine the process and means of the processing of personal data and we must also be able to evidence how we comply with six data protection principles, showing that Personal Data is;
- Processed fairly, lawfully and in a transparent manner
- Used for specified, explicit and legitimate purposes
- Used in a way that is adequate, relevant and limited
- Accurate and Kept up to date
- Kept no longer than is necessary
- Processed in a manner that ensures appropriate security of the data
Privacy notices for 'Data Subject's are provided below and more information can be obtained via our Data Protection Officer, Mrs Vosper email: DPO@cullomptoncollege.org