General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) took effect from 25th May 2018. In response to the associated changes to data protection legislation, the Lumen Learning Trust’s notices and policies regarding the processing of personal data reflect these requirements. These documents can be found below and apply to Trust activities as well as individual schools within the Trust.
Our Data Protection Officer
Our DPO is Robert Bullett. He can be contacted via email@example.com. Our Data Protection Officer will inform, advise and monitor compliance at all times through regular audits.
Central Data Management Team
The Trust has a team in place with the responsibility of implementing the tools provided by our DPO as appropriate in order to support the process, provide necessary security and the ongoing delivery of GDPR objectives. The team comprises:
|Mrs Gill Hicks|Head of Operations, Lumen Learning Trust|
|Mrs Karen Hearty|Head of Finance, Lumen Learning Trust|
|Mrs Lisa Cosgrave|Communications Manager, Lumen Learning Trust|
The team can be contacted via firstname.lastname@example.org or by telephone 01932 571217.
Declaration of Compliance
The new EU General Data Protection Regulation (GDPR) took effect on 25 May 2018 and impacts every organisation which holds or processes personal data. It introduces new responsibilities, including the need to demonstrate compliance and more stringent enforcement. GDPR imposes new obligations on organisations, including those in the education and charity sector, that control or process relevant personal data and introduces new rights and protections for EU data subjects.
Lumen Learning Trust is committed to high standards of information security, privacy and transparency. We place a high priority and importance on protecting and managing data in accordance with Article 6 and Article 9 of the GDPR accepted standards.
To ensure we deliver best practice, our programme of compliance includes:
- Contracts with third party suppliers: we are working with our third party suppliers as both data controller and processor to address GDPR compliance.
- Policy Development: we have in place an updated control framework and group-specific privacy notices to incorporate GDPR obligations for those we collect, use and hold data for.
- Data collection and consent: we have in place a Data Protection Policy as well as processes to ensure consent is given freely and explicitly.
- Data Impact Assessments & Data Inventory: we have undertaken (and will continue to do so at regular intervals) a systematic review of the data we store, manage, maintain, collect, process and control. This includes offline storage and paper records. Assessments of the data will review information flow, any data transfers, risk reviews and our structural position in relation to purpose, lawfulness, accuracy, consent, confidentiality, record keeping and accountability. Policies in place include Document Retention and Breach Management.
- Training & Awareness: we undertake training across the Trust on GDPR, its impact on the new policies, procedures, and responsibilities of all staff and stakeholders in this new regime.
- Supplier & Partner relationships: where relevant and related, we will be using all reasonable endeavours to ensure that our third parties and suppliers are complying with the GDPR.
- Technology: we are reviewing our technology platforms to analyse their operation, security and compliance in order to ensure that they meet GDPR standards and identify any gaps and risks.
Our Data Protection Officer will inform, advise and monitor compliance of the Trust both as a data controller and processor. Our Trust Central Data Management Team will implement tools as appropriate that support the process, provide necessary security and ongoing delivery of GDPR objectives.