IT in Education

Complying with the GDPR 2018

glossaryThis article explains how the School IT Expert is affected by GDPR, and what this means to you.


Legal responsibilities

I take Data Protection very seriously and I recognise a number of responsibilities as follows:

  • to process any personal information in accordance with the seven principles of the Act.
  • to answer subject access requests received from individuals within 30 calendar days.

The seven principles of the Act

The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.

The UK GDPR sets out seven key principles:

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality (security)
  7. Accountability

Your rights

The second area covered by the Act provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records.

Should an individual or organisation feel they're being denied access to personal information they're entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner's Office for help.  Complaints are usually dealt with informally, but if this isn't possible, enforcement action can be taken.

 This information has been taken from the the Information Commissioner's Office.


Thanks for visiting,
Steven