Data protection

From InsightWiki

On 25th May 2018, the General Data Protection Regulation will come into force throughout the EU. "The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC ... "
http://www.eugdpr.org/

The GDPR requires that organisations have a legal basis for processing personal data of individuals (referred to as Data Subjects). There are several bases for processing the personal data of Data Subjects, including the unambiguous consent of the Data Subject to do so. Organisations must prove that they have a legal basis for processing personal data, or otherwise face fines.

The Data Protection report in Insight is designed as an aid for schools to prove they have a legal basis to process personal data about staff, students and students' contacts (hereafter referred to as parents, although the contacts may not actually be parents). Each type of data stored by Insight is listed on the Data Protection report. The Data Controller(s) of the school can select any of the GDPR legal bases for processing that data, using the Data Protection report.

The Data Protection Report

The Data Protection report in Insight lists each item of data stored by Insight about its various stakeholders. The Domain lists the type of person whose data is stored/processed, and the Field explains exactly what data is stored/processed.

[Screenshot: DPreport.jpg]

At the top of the page is the Data Controller field. This is used to select the email address of any of the Staff or Admin accounts within the Insight system. More than one account can be selected for this purpose and only Admin accounts can populate this field. Any accounts that have been specified as Data Controllers can specify the basis for processing data, as described below.

Legal bases