General Data Protection Regulation
General Data Protection Regulation Policy
GDPR stands for General Data Protection Regulation and replaces the previous Data Protection directives that were in place. It was approved by the EU Parliament in 2016 and comes into effect on 25th May 2018.
GDPR states that personal data should be ‘processed fairly & lawfully’ and ‘collected for specified, explicit and legitimate purposes’ and that individuals data is not processed without their knowledge and are only processed with their ‘explicit’ consent. GDPR covers personal data relating to individuals. Dunmow Theatre Dance School is committed to protecting the rights and freedoms of individuals with respect to the processing of children’s, parents, visitors and volunteers personal data.
The Data Protection Act gives individuals the right to know what information is held about them. It provides a framework to ensure that personal information is handled properly.
GDPR includes 7 rights for individuals
1) The right to be informed
Dunmow Theatre Dance School (DTDS) is a registered with Associated Board of Dance and as so, is required to collect and manage certain data. We need to know parent’s names, addresses, telephone numbers, email addresses. We need to know children’s’ full names, addresses, date of birth, along with any SEN and medical requirements. We are requested to provide this data to Essex County Council, when applying for performance licences / chaperone licences .
DBS numbers and chaperone licence numbers and date of issue are also kept in a secure file
2) The right of access
At any point an individual can make a request relating to their data and Dunmow Theatre Dance School will need to provide a response (within 1 month).
3) The right to erasure
You have the right to request the deletion of your data where there is no compelling reason for its continued use. However, DTDS has a legal duty to keep children’s and parents details for a reasonable time*, DTDS retain these records for 6 months after leaving , children’s accident and injury records for 5 years ), for Child Protection records. This data is archived securely and shredded after the legal retention period.
4) The right to restrict processing
Parents, visitors and Volunteers can object to DTDS processing their data. This means that records can be stored but must not be used in any way, for example reports or for communications.
5) The right to data portability
DTDS requires data to be transferred from one IT system to another; such as from DTDS to the Local Authority, for performance BOPA licences, and dance Associations for examinations. These recipients use secure file transfer systems and have their own policies and procedures in place in relation to GDPR.
6) The right to object
Parents, visitors and staff can object to their data being used for certain activities like marketing or research.
7) The right not to be subject to automated decision-making including profiling.
Automated decisions and profiling are used for marketing based organisations. DTDS does not use personal data for such purposes.
Storage and use of personal information
All paper copies of children’s, students and Volunteer records are kept in a locked file in Barnston Dunmow. Volunteer chaperones can have access to these files but information taken from the files about individual children is confidential. These records are shredded after the retention period.
Information about individual children is used in certain documents, such as, a weekly register, medical forms, referrals to external agencies and disclosure forms. These documents include data such as children’s names, date of birth and sometimes address. These records are shredded after the relevant retention period.
Enrolment forms with essential information required in case of emergency are carried to each venue but kept locked in a folder only to be accessed in emergency this folder is securely stored in a locked file in Barnston at all other times.
DTDS collects a large amount of personal data every year including; names and addresses of those on the waiting list. These records are shredded if the child does not attend or added to the file and stored appropriately.
DTDS stores personal data held visually in photographs or video clips or as sound recordings, No names are stored with images in photo albums, displays, publicity or on DTDS social media sites.
Access to the Office computer is password protected. Only accessed by the data controller( Susan Bibb) Any portable data storage used to store personal data, e.g. USB memory stick, are password protected and/or stored in locked file.
GDPR means that DTDS must;
* Manage and process personal data properly
* Protect the individual’s rights to privacy
* Provide an individual with access to all personal information held on them
This Policy was adapted at a meeting at Tip Toe Stage School in April 2018 Signed on behalf of Tip Toe Stage School
Policy review date: September 2019