As you may not be aware, from January 2018 we have been asked to clearly clarify all the information about our procedures regarding the storage, usage and the safeguarding of all images that we take in your school.
Over the last few years we have been building a close working relationship with Pam Gartland in order to further develop our safeguarding policies and now more recently comply with the new legislation's from the government in accordance with the GDPR rules that are soon to be enforced.
What this means, is that any child on a protected register must have a signed consent before they have their photograph taken. A copy of this consent must be given to the photographer on the day. If this consent is not in place then it could be deemed a breach of their safeguarding. As a company, if we fail to comply with these new rules we maybe fined up to 20 million euros. It may also mean that schools be inflicted with a heavy fine as well.
Phototronics Scholastic now has all the relevant procedures in place. As it stands, we believe it is imperative not to photograph any child either for an individual portrait or a class group portrait that is subject to any of the above restrictions. As their image will be stored on a server and this would be a breach of the GDPR. If a child has been mistakenly photographed without consent. Then their image must deleted immediately before the photographer leaves your school.
We apologise if this causes any inconvenience to your school but we feel it necessary to bring this to your attention.If you have any concerns or you require any further information about this then please don’t hesitate in contacting either Paul, Lorraine or Nichola at our office.
We are currently reviewing all of our internal and external processes, ensuring that they are aligned to the guidelines set by the ICO. All data that is held is constantly reviewed and recorded on our internal registers enabling us to efficiently protect and manage it. We have enlisted the professional support from ADNS Group to assist us with this and confirm that we are compliant with ICO regulations.
The ADNS Group manage and maintain our infrastructure, this includes firewall, antivirus, encryption, security patching and regular reviews. Within the organisation we operate stringent HR processes when recruiting new staff, onboard training sessions and regular refresher sessions, which is further supported by operational policies and procedures.
We have regularly reviewed policies for IT Security, Data Protection and Internet Usage.
All of our systems utilise efficient security protocols. This means all user names and passwords are regularly changed and updated, data encrypted and backed up on and off site, our servers run the latest operating systems with up to date security patching, firewalls are used to restrict traffic and access to our network, we have antivirus and email spam filters and staff are reminded and constantly updated about potential threats.
Personal data is stored on our internal network, there is no remote access to these systems.