GDPR

GDPR
General Data Protection Regulation Policy
Louise Gould Dance (LGD)
Statement
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection Directives that were in place. It was approved by the EU Parliament in 2016 and came into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. LGD is committed to protecting the rights and freedoms of individuals with respect to the processing of student, visitor and staff personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
LGD requires personal data such as name, DOB, email, phone numbers and health & injury to allow students to join any dance class and to keep them informed of important information via email and newsletter.
Louise Gould of LGD holds Registered Teacher Status (RTS) with the Royal Academy of Dance (RAD) and and as so, is required to collect and manage certain data for examinations. LGD also enters students for International Dance Teachers Association (IDTA) examinations through the Jacqueline School of Dance (JSD). For this LGD need to know names, addresses, telephone numbers, email addresses & DOB. 
As an events and workshops organiser LGD is required to hold data on hired faculty; names, addresses, email addresses, telephone numbers and bank details. 
2) The right of access
At any point an individual can make a request relating to their data and LGD will need to provide a response (within 1 month). LGD can refuse a request, if we have a lawful obligation to retain data but LGD will inform the individual of the reasons for the rejection. 
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However LGD has a legal duty to keep students details for a reasonable time*, LGD retain these records for 3 years after leaving. This data is archived securely on LGD property and shredded after the legal retention period.
4) The right to restrict processing
Students, visitors and faculty can object to LGD processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.
5) The right to data portability
LGD requires data to be transferred from one IT system to another; such as from LGD to RAD or JSD for examinations. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Students, visitors and faculty can object to their data being used for certain activities like marketing or research.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organisations. LGD does not use personal data for such purposes.

Storage and use of personal information
All paper copies of student and faculty records are kept in a locked filing cabinet at LGD HQ in Evesham. Only LGD can have access to these files but information taken from the files about individuals is confidential and these records will remain at LGD HQ after being collected at JSD. These records are shredded after the retention period.
Information about individuals is used in certain documents, such as registers. These documents include data such as names, DOB, age and phone number. These records are shredded after the relevant retention period.
LGD stores personal data held visually in photographs or video clip. Images are held in photo albums, displays, on the website or on LGD social media sites where permission has been granted.
Access to all Office computers is password protected. Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in a locked filing cabinet.
GDPR means that LGD must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them

This policy was drawn up in May 2018.

Policy review date: May 2019

No comments:

Post a Comment