The school must comply with the terms of the UK GDPR and associated Data Protection Act

What is the UK GDPR?

The UK General Data Protection Regulation (UK GDPR) is part of the data protection landscape that includes the Data Protection Act 2018 (the DPA 2018). The UK GDPR sets out requirements for how organisations need to handle personal data.

What information does the UK GDPR apply to?
The UK GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.

What are the rules on security under the UK GDPR?
The UK GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used.

The Data Protection Act UK GDPR
Everyone responsible for using personal data has to follow strict rules called ‘data protection principles’. They must make sure the information is:
used fairly, lawfully and transparently
used for specified, explicit purposes
used in a way that is adequate, relevant and limited to only what is necessary
accurate and, where necessary, kept up to date
kept for no longer than is necessary
handled in a way that ensures appropriate security, including protection against unlawful or unauthorised processing, access, loss, destruction or damage
There is stronger legal protection for more sensitive information, such as:
race
ethnic background
political opinions
religious beliefs
trade union membership
genetics
biometrics (where used for identification)
health
sex life or orientation
There are separate safeguards for personal data relating to criminal convictions and offences.
Your rights
Under the Data Protection Act 2018, you have the right to find out what information the government and other organisations store about you. These include the right to:
be informed about how your data is being used
access personal data
have incorrect data updated
have data erased
stop or restrict the processing of your data
data portability (allowing you to get and reuse your data for different services)
object to how your data is processed in certain circumstances
You also have rights when an organisation is using your personal data for:
automated decision-making processes (without human involvement)
profiling, for example to predict your behaviour or interests

‘Ellesmere Port Catholic High School Data Protection Policies and Privacy Notices’
School Data Protection Lead
Steph Oscroft, Strategic Data Manager
Ellesmere Port Catholic High School
Capenhurst Lane, Whitby, Ellesmere Port, CH65 7AQ
steph.oscroft@epchs.co.uk

Data Protection Governor
Colette Morris, Governor
Ellesmere Port Catholic High School
Capenhurst Lane, Whitby, Ellesmere Port, CH65 7AQ
colette.morris@epchs.co.uk

Schools Data Protection Officer
Cheshire West and Chester Council
3^rd Floor South, Civic Way, Ellesmere Port, CH65 0BE
SchoolDPO@cheshirewestandchester.gov.uk