Difference between revisions of "Data protection"
(One intermediate revision by the same user not shown) | |||
Line 28: | Line 28: | ||
[[Image:DPbases.jpg|794px]] <br> <br> | [[Image:DPbases.jpg|794px]] <br> <br> | ||
+ | |||
+ | =Notes= | ||
+ | |||
+ | If a user has any of the [[permissions]] in the System Management section, they will have access to the Data Protection page. Only the '''Edit data protection settings''' permission allows the user to make any changes to the Data Protection page. <br> <br> | ||
[[Category:System management]] | [[Category:System management]] | ||
− |
Latest revision as of 13:04, 30 August 2017
| | Permissions required to access this module: |
Section: | |
System management | |
Permission(s): | |
Access PARS management options | |
Edit data protection settings | |
As of 25th May 2018, the General Data Protection Regulation will come into force throughout the EU. "The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC ... "
http://www.eugdpr.org/
The GDPR requires that organisations have a legal basis for processing personal data of individuals (referred to as Data Subjects). There are several bases for processing the personal data of Data Subjects, including the unambiguous consent of the Data Subject to do so. Organisations must prove that they have a legal basis for processing personal data, or otherwise face fines.
The Data Protection report in Insight is designed as an aid for schools to prove they have a legal basis to process personal data about staff, students and students' contacts (hereafter referred to as parents, although the contacts may not actually be parents). Each type of data stored by Insight is listed on the Data Protection report. The Data Controller(s) of the school can select any of the GDPR legal bases for processing that data, using the Data Protection report.
This page is accessed via:
PARS main menu > System management > Data protection
The Data Protection page
The Data Protection page in PARS lists each item of data stored by PARS, regarding various stakeholders. The Domain lists the type of person whose data is stored/process and the Field explains exactly what data is stored/processed.
At the top of the page is the Data Controller field. This is lists all of the accounts that have been given the Edit data protection settings permission, thereby making those accounts the Data Controllers within PARS. Any accounts that have been specified as Data Controllers can specify the basis for processing data, as described below.
Legal bases
Any PARS accounts that have been listed as a Data Controller will see a button with a pencil icon next to each of the fields of personal data which PARS processes. These buttons are used to select one or more of the legal bases given by the GDPR in order to lawfully process personal data.
Clicking one of these buttons will open a window listed all of the GDPR legal bases. One or more of these can be selected, and any selections/changes are saved using the button at the bottom right of the window. It is the responsibility of the school to decide which bases are relevant for each type of data processed by PARS.
Notes
If a user has any of the permissions in the System Management section, they will have access to the Data Protection page. Only the Edit data protection settings permission allows the user to make any changes to the Data Protection page.