General Data Protection Regulations (GDPR)

Following the Data Protection Act 1998, the new General Data Protection Regulation (GDPR) 2018 came into force on 25 May 2018. It applies to anyone who processes, stores or is the subject of personal data.

In collecting, using, storing and disposing of data, The Evolve Trust will comply with the requirements of the GDPR that govern the processing of personal data.

What is a personal data breach?

A security incident that has affected the confidentiality, integrity or availability of personal data, examples below:

USB sticks being lost or stolen
Sending confidential attachments containing personal data to the wrong email recipient
A computer virus which wipes a hard drive which has not been backed up
An attack into our IT network where there are files containing personal data which have been accessed
Accidental disclosure of student records
A staff member accidentally sending an email to pupils in year 9 rather than to teaching staff of year 9

Suspect a Data Breach?

If there has been an incident which resulted in a potential breach of personal data, it is imperative that it is reported immediately.

In most cases it is not necessary for the trust to file a report with the ICO, and the incident (often called a 'near miss') can be managed internally, however, it is important that this decision is made by the Data Breach Committee.

If you are unsure if the incident is indeed a breach, it would be best to submit a report anyway, for the Committee to review.

If you suspect a potential breach, please download and complete the Data Breach Report Form and return it to GDPRbreach@evolvetrust.org as soon as possible.

Data Breach Report Form

Please include as much detail as possible so that, if required, action can be taken immediately following receipt of the report.

Our DPO

Alex Walker is the Data Protection Officer for The Evolve Trust. Alex can be contacted via email for any help and guidance needed around GDPR (DPO@evolvetrust.org)