BGGS is committed to maintaining the confidentiality of information held within its systems about staff, students, finances and operations. The School regularly reviews its Data Protection Policy to make sure we provide privacy and security for our students, staff, and parents.
Whilst we take all measures possible to ensure the protection of data, the School has put in place procedures to mitigate and reduce the impact of any data privacy issues. These are outlined below:
The Risk Register
Our Risk Register lists the areas of potential data breaches, how they may occur and what steps can be taken to avoid a breach.
Definition of a data breach
A data breach can be defined as the unintended loss of personal data relating to students, parents, staff or anyone connected to the school whose details are held on the school systems. Examples of possible breach scenarios are shown below:
Loss or theft of equipment on which data is stored
- Inappropriate access controls allowing unauthorised use
- Equipment failure
- Poor data destruction procedures
- Human error, including accidental deletion
- Cyber attack/hacking
- “blagging” – where information is obtained by deception
In the event of a breach
Should a data breach occur, the Data Protection Officer and Head Teacher will investigate the cause, nature and severity of the breach. The ICO (Information Commissioner’s Office), the Police and school stakeholders will be informed if deemed relevant.
You can contact the School Data Protection Officer via email at firstname.lastname@example.org
The Data Protection Officer and Head Teacher will examine the school’s Risk Register and identify if any further action can be taken to prevent further data loss and recover lost or damaged data.
This procedure is designed to be read in conjunction with the school’s Data Protection and e-Safety Policies and the following legal framework:
- The Data Protection Act 1988
- The Computer Misuse Act 1990
- The General Data Protection Regulations (GDPR) which came into effect from 25th May 2018.