This section of our site outlines the handling of personal data at Tomlinscote, and steps that are taken to mitigate the risk to any individual involved with our school. The school strives to provide and maintain policies and procedures to reflect our legal responsibilities and best practice. Please take the time to review some of the attached pages and documents.
The school has a designated Data Protection Officer:
what is data protection?
The term ‘data’ refers to any information the School collects from students, staff, parents and other contacts. This might be on paper, or in the form of digital files.
The School has a duty to handle all data appropriately and use the information collected only for the reasons given at the time of collection.
The term ‘personal data’ refers to data that relates to a particular, identifiable person.
Why is data protection important?
In May 2018 the legislation in Europe regarding data protection was renewed significantly. The General Data Protection Regulation (GDPR) ensures that individuals always have control of and access to their own data.
Data controllers have key responsibilties, ensuring that data they collect is handled securely and sensitively.
What about outside the EU?
Companies and services that operate outside the EU (Eg. Microsoft, Facebook) also have responsibilities. All data relating to EU citizens is subject to the terms of the GDPR, even if the data is stored/transferred overseas.
What is a data controller?
A data controller is a person or organisation that collects and processes data. It may also provide other data processors with access to certain data, to achieve a specific purpose.
For instance, the School provides Surrey County Council with the information it needs to pay its staff.
What is data processing?
The processing of data simply refers to any action performed on a particular set of data. This includes copying, analysing, deleting, or sharing.
As an example, the School uses an online service called Kerboodle. This service hosts textbooks and online activities for various academic subjects. In order to allow students to log in, the School supplies student names and their school-managed email addresses with the service provider. No other information is shared, as this would be unnecessary for the purpose.
What do I do if I have a query or concern?
In the first instance, contact the School Data Protection Officer (named above).
In case of significant data protection issues, all data controllers in the UK are required to register with the Information Commissioner’s Office (ICO). The ICO is the authority that deals with complex or serious issues surrounding data protection.