At Combe Down Primary School (CDPS) we are committed to ensuring we do the right thing for our Governors, our families, our students, our staff and the third parties we work with. Verified by a local law firm, we are focused on ensuring our processes can be evidenced to demonstrate compliance.
- Identification of a Data Protection Officer
- Data mapping and Data Asset Register
- Embedding data privacy into all our processes
- Information security risk
- Third party risk and our data partners
- Responding to individual complaints and data subject access requests (DSARs)
- Data Privacy Breach procedures
- Ongoing monitoring
What have we done?
- We have started to roll out new PAT and CDPS GDPR privacy notices.
- We have published a new PAT and CDPS GDPR/Data Protection Policy
- We have ensured that all processing of data done in school complies with GDPR
- We have undergone an Information Governance Health Check Report
There are six lawful processing conditions:
- Compliance with a legal obligation
- Performance of a contract
- Legitimate interest
- Public interest
- Vital interest
Data privacy is discussed at each Governing Body meeting and regularly reviewed by senior leaders within school.
CDPS's named Data Protection Officers (DPO) are Jane Gascoigne (Headteacher) and Jenny Maitland (School Business Manager); the DPO Link Governor is John Beaver.
Both the Headteacher and School Business Manager will lead the teams in school, helping embed data privacy into operations whilst also monitoring activity on an ongoing basis. The DPO Link Governor will oversee this work and act as an auditor and critical friend. There will be regular training for all staff to ensure a deeper level of understanding, allowing them to identify any risks and stop them from happening.
Please find below the PAT and CDPS Privacy Notice as well as GDPR/Data Protection policy.