Data Protection and GDPR
From 25 May 2018 processing of personal data by organisations had to comply with the General Data Protection Regulation. These rules give a clear set of rights to everyone in society as well as making clear the responsibilities of organisations which handle or process information about people (or ‘Data Subjects’ as they are known). GDPR applies to ‘Data Controllers’ and ‘Data Processors’.
A ‘Data Controller’ determines the purposes and means of processing personal data.
A ‘Data Processor’ is responsible for processing personal data on behalf of a controller.
Our Lady of Lourdes Catholic Primary School is a Data Controller as we collect or generate data about pupils, parents/guardians, staff, governors and visitors. Please read our GDPR related policies on our policies page.
Data Controller’s Obligations
Data Subjects’ Rights under GDPR
To maintain records of all processing activities (Article 30 GDPR);
To cooperate and consult with supervisory authorities (Article 31 GDPR);
To ensure a level of security (Article 32 GDPR);
To notify the supervisory authorities in the event of a data breach (Article 33 GDPR);
To conduct a data protection impact assessment (Article 35 GDPR);
To assist data subjects with exercising their rights to privacy and data protection (Chapter III GDPR).
Our school’s Data Protection Officer is Mr. James England (through Data Protection Education)