Corporate rules to allow multinational organisations such as multi national school networks to safely and legally transfer data internally (within the organisation) but across EU borders.
Freely given, specific, informed and explicit consent by statement or action by the student, parent, staff member or any person signifying agreement to the processing of their personal data. read more about consent
This is the school. Determines the purposes, conditions and means of the processing of personal data.
The requirement for schools to provide the student, parent, staff member with a copy of his or her data in a format that allows for easy use with another school or data controller.
A breach of security leading to the accidental or unlawful access to, destruction, misuse, etc. of personal data.
Privacy by Design
A principle that calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition.
Privacy Impact Assessment (PIA)
A tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data.
Any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc.
Any automated processing of personal data intended to evaluate, analyse, or predict student, parent or staff behaviour.
The processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non-attribution.
Entity to which the personal data are disclosed.
Any person in the Union explicitly designated by the controller to be addressed by the supervisory authorities.
Right to Access
It entitles the student, parent or staff member etc to have access to and information about the personal data that the school has concerning them.
Right to be Forgotten (RTBF)
Also know as 'right to erasure'. Entitles the Student, Parent, Staff member etc (data subject) to have the school erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data.
General Data Protection Regulation. New data privacy and protection regulations which will replace individual data protection laws in all EU countries on 25th May 2018. read more