Data Protection

Data Protection and Freedom of Information

UK GDPR came into force on 1st January 2021, when the EU GDPR was enacted into UK law after Brexit. The UK GDPR reflects all the contents of the EU GDPR which was introduced in May 2018.

GDPR gives enhanced reights to individuals, and greater responsibilities for organisations (including Schools). We have increased out transparency and accountability to ensure that we are complying with the principles of GDPR when processing personal data.

We have taken the following actions:

  • Appointed a Data Protection Officer (DPO) who is responsible for monitoring compliance with current data protection law, and has the knowledge, support and authority to do so effectively. They oversee and verify the school’s data protection processes and advise the school on best practice.

  • Appointed a Data Protection Lead (DPL), who maintains contact with the DPO and is responsible for assisting in monitoring with compliance and verifies the school’s data protection practices on a day-to-day basis.

  • Appointed a Data Protection Governor who assists the DPL in monitoring and reporting to the Governing Body.

  • Publish our privacy notices to inform you of how we use your personal data

  • Log any data breaches informing the Informations Commissioner's Office when necessary

  • Trained all new and exisiting staff in data protection and reminded them of their responsibility to keep data safe

If you have any questions or would like to speak with our DPO or DPL please email dposchools@somerset.gov.uk or jwiseman@stmichaelsacademy.co.uk.