StudySmart needs to hold and process minimum amounts of personal data about its students, employees, tutors and other individuals in order to carry out its business and administrative functions. This data is subject to the Data Protection Act 2472/1997 (the Act) and the European General Data Protection Regulation (GDPR) and concerns all administrative and academic areas within StudySmart.
StudySmart must ensure that it fully complies with the provisions of this legislation. It is important that all staff members who work with personal data familiarise themselves with the Act's data protection principles and our obligations. Failures or weaknesses in our processing of personal data can result in significant harm and distress to individuals who may be affected and may also cause significant reputational damage to StudySmart.
This website has been designed to provide guidance on data protection for StudySmart staff, tutors and students who are involved in the handling of personal data and are designed to develop a better understanding of StudySmart’s obligations under the Data Protection Act and GDPR among our staff and tutors.
General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) will come into force on 25th May 2018 and will replace the existing Data Protection Act (1998). We all create, gather, store and process a number of basic data on a variety of data subjects such as students, staff, tutors and customers. It is important that every member of StudySmart staff and tutors understands the law in relation to data protection and staff responsibilities and ensuring that data is secured and protected in line with the law.
Many of the principles under GDPR are the same as or similar to the current Data Protection Act 2472/1997 but there is much more emphasis now placed on process and documentation.
A new GDPR Policy and Guidance have been produced. As there are still some areas of the legislation that have not been finalised the Policy and Guidance will be kept under review over the coming months. The current versions are available here:
Individuals have a number of rights in relation to your personal data including;
a right of access to a copy of the information comprised in their personal data;
a right to object to processing that is likely to cause or is causing damage or distress;
a right to prevent processing for direct marketing;
a right to object to decisions being taken by automated means;
a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
a right to claim compensation for damages caused by a breach of the Act.
If you wish to exercise one of your rights in relation to your personal data please contact: email@example.com. Please note if you are seeking access to our personal data (a Subject Access Request), then you can use our request for personal data access form to help structure your request.
There are also a number useful external resources available which provide an overview of the forthcoming changes.
A full cross-referenced copy of the GDPR text
The Article 29 Working Party (a group of all EU data protection supervisory authorities) have produced guidance on a number of different areas relating to GDPR
Bird & Bird's guide to GDPR summarises the key changes that the new law will bring and highlights the most important actions which organizations should take in preparing to comply with it.
If you have any queries regarding data protection or the implementation of GDPR please contact firstname.lastname@example.org.