A former Head Teacher has been fined after it was discovered he had illegally obtained information from two primary schools he had previously worked at.
General Data Protection Regulation (‘GDPR’) | Kangs GDPR Advisors
The law governing data protection in the UK changed drastically in May 2018 when GDPR came into effect.
GDPR will continue to apply after the UK leaves the EU to the extent that any business offering goods or services to citizens based within the EU will be subject to the parameters set out by GDPR.
The Circumstances | Kangs GDPR Advisory Team
- The former Head Teacher had obtained information from two primary schools he had previously worked at.
- Following his suspension, an IT audit revealed large volumes of sensitive personal data that he had removed from his previous schools.
- It was deemed that he had no lawful reason to possess such information with the consequence that he was in breach of GDPR.
- He appeared before Ealing Magistrates’ Court and pleaded guilty to two offences of unlawfully obtaining personal data.
- He was fined £700, ordered to pay £364.08 costs and a victim surcharge of £35.
Official Comment | Kangs GDPR Offences Defence Solicitors
Mr Mike Shaw of the Information Commissioner’s Office Criminal Investigation Group Manager, said:
“Children and their parents or guardians have the right to expect that their personal data is treated with respect and that their legal right to privacy is adhered to.
A head teacher holds a position of standing in the community and with that position comes the added responsibility to carry out their role beyond reproach. The ICO will continue to take action against those who we find have abused their position of trust.”
How Can We Help? | Kangs National Criminal Defence Solicitors
Under GDPR, service providers processing personal data on behalf of other businesses become directly liable to individuals for a breach of data security.
This is an alteration from the previous legislation whereby service providers could be held directly liable and data processors were completely liable for any non–compliance. However it should be noted that the contract between the data controller and data processor may contain separate conditions between them.
The requirements of the new Regulations are extremely stringent and the fines for breach are, potentially, extremely substantial. The new Regulations are very technical and complicated and many companies/businesses/individuals fail to recognise the extent to which their daily activities are affected and require expert guidance as to compliance with the new Regulations.
Who Can I Contact? | Kangs GDPR Solicitors
Should you wish to discuss anything in this article please do not hesitate to contact us through any of the following: