GDPR

From 25th May 2018, the Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR) – meaning that the way we manage all data and information within Miltoncross Academy will change.

GDPR will affect how Miltoncross Academy handles personal data, or how we ‘process’ it. Processing is effectively any action we perform on personal data and includes how we keep records and databases of student and staff information, how we interact with suppliers, contractors and local authorities as well as how we monitor people using CCTV.

Please see below the updated Privacy notices for students, parents/carers along with a video from TKAT about what GDPR is.

To view all our Privacy Policies please visit TKAT's GDPR page https://www.tkat.org/1315/gdpr   

To report a GDPR breach, please contact the school via either:

• office@miltoncross-tkat.org

• dataprotection@tkat.org 

GDPR permission is asked for on our Student Information Forms when starting at the school. Consent is asked for both Photos and Videos as seperate entities. Please ensure you fill in your form correctly - students whose forms are blank will be considered as not having permission granted to be use on our social media or website. You are always allowed to revoke permission at any point. If you wish to do so, please come into school and fill in a new Student Information form (just the relevant sections are suitable) or email office@miltoncross-tkat.org.

TKAT Data Protection Officer Details

Craig Clark: dataprotection@tkat.org 

Use of photographs and video

This guidance covers photos or video (images) of people taken for School purposes.

Personal Data

If the image can be used to identify an individual and tell you something about them it is likely that it will be personal data for the purpose of the Data Protection Act. People can obviously be identified from names but may also be identified from contextual information e.g. the caption reads: ‘This photo shows students working in the school library’.

The following examples will help you to identify the issues that you need to consider.

Photos of specific individuals/groups

Where an image is clearly of an individual or group of individuals, who are the focus of the image, it will be personal data, and consent is required to use it.

Although the Data Protection Act does not specify that consent should be in written form it is strongly recommended that you obtain written consent so that you have a record, in case of subsequent disputes.

GDPR consent forms will be available.

Photos where individuals inadvertently appear in the background

It will not normally be necessary to obtain the specific permission of all who appear incidentally in the background of publicity shots where they are clearly not the focus of the image.

Photos of large crowds/events

Where an image does not focus on one individual or group of individuals, the data is unlikely to be personal data. In addition, it may not be practicable to obtain the consent of every individual. However, it is good practice to ensure that there are clear signs around the venue indicating that publicity photos are being taken.

Publication on web

Publishing an image on the web is a potential disclosure to the world at large. Particular care must be taken therefore to obtain appropriate consent where the image constitutes personal data. In cases of doubt you should err on the side of caution and not publish the image.

VIPs

It may not be appropriate to ask VIPs to complete consent forms, in which case it should be sufficient to obtain verbal consent. 

Children

Although the Data Protection Act does not specify an age limit where images of children are being taken it is important to obtain written consent from the child’s parent/guardian.