Data Protection and GDPR
What is GDPR?
On May 25th 2018 the General Data Protection Regulation (GDPR) (EU) 2016/679 came into force. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union and is intended to unify the policies and strengthen the safety and security of all data held within an organisation.
This legislation replaced the Data Protection Act (DPA) and is considered the most significant data protection legislation of the last 20 years. There is a plethora of information about the new legislation available online. The Information Commissioner’s Office (ICO) provides a good starting point with its Overview of GDPR.
Data Controllers and Data Processors
Schools are the data controllers of staff and pupil-related data. The data controller is the person or organisation that determines what data is extracted, what purpose it is used for and who is allowed to process the data. GDPR increases the responsibility schools have to inform pupils and parents about how their data is being used and by whom. Xplor is the data processor of pupil, parent and staff data when this data has been uploaded by a school. This is data we are trusted with but do not control.
Xplor is the data controller of parent and pupil data that has been uploaded and managed by parents directly onto the Xplor platform.
How we comply with GDPR