GDPR - General Data Protection Regulations (International)
On 25th May 2018 the EU General Data Protection Regulation (GDPR) will be introduced, which provides individuals with enhanced rights, and imposes increased responsibilities on organisations processing personal data. This statement applies under both the DPA and GDPR. These regulations apply to PSI as we have EU students enrolled.
Data Protection Act 2010 (Ukraine)
The Data Protection Act 2010 Ukraine (DPA) regulates the processing of personal data in any format by PSI, including both digital and hard copy personal data and all other formats. 'Personal data' is any information relating to a living individual, and 'processing' is any activity carried out involving personal data, including holding and storing it.
PSI (and all CEESA Schools) are establishing policies and procedures governing the collection and release of parent and student data that will be provided to parents in the future at the application and annual 'intentions to return' stages. This includes information about how parent and student data is used, where it is kept, who has access to it and when it can be supplied by PSI to the external / third parties (including other school families).
Current GDPR Developments
PSI is currently working on the following development projects to ensure that we are fully compliant with GDPR and local regulations;
- Undertaking a Data Risk Assessment
- Developing a Data Organisational Chart
- Establishing a Data Control Officer
- Developing Policies and Procedures accordingly