GDPR - General Data Protection Regulation
Our school has always had a Data Protection policy but the law has changed which requires all companies and government institutions to abide by new data protection regulations. The new regulations are meant to make quite clear to people what data is held about them by organisations and give a reason as to why. This list of information is given by way of a Privacy Notice. This video from the Information Commissioner's Office (ICO) helps to clarify 'what is data?'.
The document at the bottom of this page runs through some general information regarding GDPR and what it means. This video might help to explain it too.
In a school, most of the information we hold on our students and their familes is required of us by the Department of Education. Personal data is defined by GDPR as data that relates to an identified or identifiable living individual. This personal data falls into two categories:
- Special Category Personal Data - these are items of information about people which are highly sensitive. GDPR specifically defines them as data relating to:
- racial or ethnic origin
- political opinions
- religious or philosophical beliefs
- trade-union membership
- health or sex life.
Data relating to criminal offences is also afforded similar special protection.
- Personal data - all other data items related to an individual are termed 'personal data'. These are data items such as an attendance mark, an email address or an examination result.
Some of the data is used to work out whether additional payments can be made to the school budget to support the work that schools do for their students. Other information, such as assessment data, is to show what level of attainment our students are achieving at certain times throughout their school life, for example at the end of Year 2 or Year 6 (SATs).
We also highlight to you at regular intervals that your child's image could be used to appear on our website or social media tweets when they are taking part in school activities. We regularly ask you to confirm your continuing consent to this and it is your right to refuse, or at any time to let us know you may have decided that this is no longer appropriate and wish the photographs to be removed.
We have clearly identified that we use CCTV throughout our school public areas to ensure the safety of children and staff. This footage is kept on a hard drive for 30 days and then erased by taping over.
We also retain information about children to help keep them safe in school; for example, details of medical conditions and what we should do in certain circumstances. GDPR does not prevent or limit the sharing of information for the purposes of keeping children safe. Legal and secure information sharing between schools, Children's Social Care, and other local agencies, is essential for keeping children safe and ensuring they get the support they need. Information can be shared without consent if to gain consent would place a child at risk.
You, as parents and carers, and any child over the age of 13 years, has the right to ask to see the information that is held on them. Parents and carers of children under 13 may request the right on their child's behalf. The school must provide this within a set period of time. There is a Data Access Request form at the bottom of this page should you wish to do this.
The school is also held accountable by the Information Commissioner's Office and must adhere to certain rules and regulations in order to keep data safe. For example, by making sure our computer network is fully protected and by encrypting our email correspondence. We, in turn, hold our suppliers accountable too so that any information they hold on our behalf must also be secured using the same rules.
At the bottom of this page there are a number of documents which explain our policies regarding the use and protection of your data:
- Privacy Notices for parents and for children
- Data Access request Form
- Privacy Notice links to third party companies who hold data on our school community
- Current Acceptable Use Agreements which includes photographic consent - to be reissued and renewal of consent to be sought in September 2018
- Data Retention Policy to be ratified at the next governor's meeting
- Current Data Protection Policy - to be updated
- Current Freedom of Information Policy - to be updated
- Draft CCTV Policy to be ratified at the next governor's meeting
- Information poster for parents