GDPR

From the 25th May 2018 the law is changing and the new General Data Protection Regulations (GDPR) will become law. As an organisation that gathers and uses data (information) we are required to review our data handling and related procedures.

Below outlines the key changes brought about by this legal change.

In principle, with regards to data collection, we are now required to carefully consider:

  • What data we need from you
  • Why we need it
  • What we will do with it
  • Where it will be stored
  • Who we may share it with, and why
  • How will we dispose (get rid of) the data
  • How long we will keep it.

As well as telling you all these things, we are also required to tell you how you can view the data, request changes or deletions and what we will do in the case of a data breach.

Your Child’s Data
As a school we require some essential data from you as parents. This ‘data’ can be as simple and as routine as your address, a contact phone number or any medical conditions your child may have. Such information is not only legally required by the school, but also ensures that children and their families are well served by the school for routine matters.

In most cases, this data will be provided by you in written form but will then be ‘processed’ and entered onto the school’s information management system (computer system).

Be assured that our systems are:

  • Password protected
  • Restricted to those with a ‘need to know’
  • Regularly backed up externally
  • Managed in accordance with the law and local guidance

However, as a school we handle and use a much wider variety of data which may include our CCTV recordings, test data etc.

Sharing Your Data
We will always endeavour to tell you what we are doing with your data. However, on occasion we may be required to pass on data to other people / agencies. The circumstances in which we would likely do so would include:

  • At the request of a court of law
  • Where we believe your child is at risk of harm
  • Where we are legally required to do so
  • At the request of police services in relation to a crime

We will always try to notify you that we have passed on data to somebody else. However, it is likely that on occasion time-scales may limit our ability to do this.

Data Protection Officer
We are required to appoint a Data Protection Officer (DPO) to monitor our policies and procedures in relation to data. If you have any concerns or questions, you should direct them to the DPO in the first instance (contact details to be found in the privacy policy). They will help you with any requests you may have and advise you of your rights. In addition to their advice, the school website will also have a number of documents for guidance as well. These include:

  • The school Data Protection Policy
  • The school Annual Data Statement (to be added at the end of each summer term)
  • Pupil Privacy Policy

The Schools Duties
The school must operate within the law (the GDPR). This means that the school must:

  • Have a Data Protection Officer
  • Have policies for the management of data
  • Respond to requests within one calendar month
  • Keep parents informed of what we ‘do’ with any data
  • Inform you of any breach in our data that affects you

The school will not usually charge for any requests by parents. However, it would consider making a charge when requests are considered to be unfounded or excessive.

To download our Data Protection Policy, please click here.  Our privacy notice, which explains how we use pupil information, can be found here.