Pope John XXIII Catholic Multi Academy Company takes the privacy of its pupils, parents, suppliers, customers and employees very seriously. In order to be compliant with the upcoming General Data Protection Regulation (GDPR) requirements, Pope John XXIII Catholic Multi Academy Company has initiated a GDPR Compliance Programme with the assistance of a third party compliance advisor and other external ICT experts. This Programme allows us to take all necessary steps in order to be ready for the new privacy legislation by 25 May 2018.
Pope John XXIII Catholic Multi Academy Company will comply with the GDPR both in its capacity as a Processor and a Controller. Pope John XXIII Catholic Multi Academy Company is committed to taking all necessary steps to be compliant with GDPR in time.
As part of our GDPR Compliance Programme, we have - in conjunction with third party compliance and other external ICT experts - conducted a data mapping exercise and assessed our current compliance levels against the GDPR requirements. We are currently in the process of implementing all necessary actions in order to become GDPR compliant. This includes, among others:
Setting up a Data Inventory;
Reviewing our internal and external procedures and policies;
Implementing new procedures and policies where necessary;
Reviewing and amending our current agreements with parents, pupils, suppliers, customers and employees to be GDPR compliant;
Reviewing and implementing technical and organisational (security) measures to enable us to meet compliance and regulatory requirements;
Updating procedures to allow us to handle subject access requests in accordance with the GDPR requirements.