Privacy and Personal Data Protection
As a responsible, forward-looking school, ACS Athens recognizes, at senior levels, the need to comply with the GDPR and ensure that effective measures are in place to protect the personal data of our students, parents of students, employees and other stakeholders.
As part of meeting our legal obligations, a Privacy and Personal Data Protection Policy is available in both paper and electronic form and will be communicated within the organization and to all relevant stakeholders and interested third parties.
Commitment to the delivery of Personal Data Protection extends to senior levels of the organization and will be demonstrated through the Personal Data Protection Program and the provision of appropriate resources to establish and develop effective technical and organizational measures to ensure appropriate security for personal data.
Top management will also ensure that a systematic review of performance of the program is conducted on a regular basis to ensure that objectives are being met and relevant issues are identified through the audit program and management processes.
A risk management approach and process will be used, which is in line with the requirements and recommendations of the GDPR and relevant international standards such as ISO/IEC 27001.
Risk management will take place at several levels within the organization, including:
- Assessment of risks to the achievement of our personal data protection objectives
- Regular personal data protection risk assessments within specific operational areas
- Assessment of risk as part of the change management process
- At the project level as part of the management of significant change, including Data Protection Impact Assessments (DPIAs)
We would encourage all employees and other stakeholders in our schools to ensure that they play their part in complying with the GDPR at all times and in delivering our personal data protection objectives.
Dr. Peggy Pelonis