In the UK, GDPR will replace the Data Protection Act 1998, which was brought into law as a way to implement the 1995 EU Data Protection Directive. GDPR seeks to give people more control over how organisations use their data, and introduced hefty penalties for organisations that fail to comply with the rules. It also ensures data protection law is almost identical across the EU.
At the moment, the Data Protection Act 1998 (“DPA 1998”) applies to the way schools and trusts handle personal data. Most schools and trusts will be familiar with the general requirements of the DPA 1998, for example, the circumstances when they can disclose personal data and what to do if a person submits a subject access request.
From May 2018, the DPA 1998 will be replaced by the General Data Protection Regulation which is often referred to as the “GDPR”. Although many of the principles remain the same as the DPA 1998, there are some important changes which affect the way we process data.
In general terms, the GDPR places more emphasis on transparency, accountability and record keeping.
Requests for information
The Trust (and academies within the Trust) will follow current data protection and other legislative guidance when dealing with Data Subject Access Requests – click here for current ICO Pupils Guidance. As Wade Deacon Trust Trust schools are academies, a student or parent/carer (person with parental responsibility/legal guardian) does not have a legal right to access a child’s educational record. It will be up to the school to decide whether to grant such access.
If you wish to request information we hold about you, please complete the Data Subject Access Form below and send it to the relevant academy or the Wade Deacon Trust Office. Any request in writing from the individual (Data Subject) will be considered as a valid request, whatever the format, as long as it contains the relevant information to enable us to deal with your request.
How do you request information on behalf of someone else?
If you are requesting information on behalf of someone else, you must complete the Data Subject Access Request Form and provide written evidence that you have the Data Subject’s authority to ask for the information on their behalf e.g. signature on the Data Subject Access Form, a letter written by them or evidence of Power of Attorney etc.
Please complete the appropriate request form and send it to the relevant academy.
If your Data Subject Access Request is approved, you will be provided with either a printout or a photocopy of paper records. Where information is requested to be provided by email, we will only agree to this if it can be sent via an approved secure method.
We will contact you to advise if we are unable to approve your request for information.
How do you provide your identity?
If you are not known to the academy or Trust Office, we may ask to see proof of your identity. The following forms of identity will be accepted as proof of identity:
A copy of your passport
A copy of your driving licence
A copy of your bank, building society or credit card statement in the Data Subject's name for the last quarter
A copy of your Council Tax bill
Will you be charged for information provided?
Wade Deacon Trust (and academies within the Trust) will follow guidance within current Data Protection legislation in relation to charges for information. See http://www.ico.org.uk for further information.
What do you do if the data is incorrect?
Please contact the relevant academy / Trust Office to tell them what is incorrect and ask for it to be corrected. You can also appeal to the Information Commissioner if the academy does not correct the information.
Making a complaint
If you are unhappy with the way your request for information has been dealt with, or you think your data has been misused or not held securely, please contact the Trust Data Protection Officer in the first instance.