General Data Protection Regulations (GDPR) became effective on 25^th May 2018.  These regulations provide guidelines for the collection and processing of personal information.  Under GDPR consent about the collection and use of data must be freely given, specific, informed, unambiguous and a positive opt in.  Individuals have clear rights including the right to be informed, the right of access and the right to object.  Schools are required to have Privacy Notices for Parents/Carers, Children, Staff and Governors (see attached).   From the age of 13 children may consent for themselves.  Personal data needs to be effectively protected including locked filing cabinets and encrypted, password protected files for digital data.

St. Mark’s Catholic School is a member of the Diocese of Westminster Academy Trust (DOWAT).  St. Mark’s is subject to the GDPR Policy (see attached) and Procedures of this single company.  The Data Protection Officer (DPO) for the Trust is currently Ms Micon Metcalfe.  Any questions about GDPR can be directed to the Academy Data Protection Lead Officer on 01895 679414.  The St. Mark’s Data Protection Lead Officer, Ian Wilkinson, liaises with the DPO.  DOWAT GDPR procedures seek to minimise the risk of data breaches through staff training, reviews, data minimisation and transparency, data impact assessments where appropriate.  The DOWAT GDPR Policy includes the Subject Access Request Procedure.  GDPR Policies and Procedures will be reviewed on an annual basis.