The General Data Protection Regulation (GDPR)
As a school, we are required and need to gather data on the pupils who attend our school as they progress through the years, both to fulfil the legal obligations we have to the government and our local authority, and also to ensure that we are able to track the progress of pupils in order to identify any specific needs that they might have and then provide them with the necessary level of support they require. We also hold a certain amount of data on parents and carers to ensure that we are able to communicate with them effectively and in a timely manner.
Much of the data we hold is sensitive and we take very seriously our responsibilities under both EU and UK data protection legislation to protect that data and keep it secure. Current legislation requires us to ensure that all individuals on whom we hold data are informed of the data we hold, the legal basis on which we hold it and their individual rights. Much of this information is contained within the ‘Privacy Notices’ that we are also legally required to send out. The full text of the respective privacy notices for pupils and parents/carers, together with more detailed information can be found by clicking on the links below:
Data on pupils
Data on parents/carers
In addition, we also have policies and procedures in place to ensure that we store and transmit all data in a secure way to protect the rights and privacy of individuals. For more detailed information, please download a copy of our Data Protection Policy and SPA Secure Data Handling Policy, by clicking on the links. Alternatively, you can obtain a hard copy on request at the school office.
Under data protection legislation, individuals have the right to request access to the information we hold about them (together with other legal rights), all of which are outlined in our policy, along with information on how to go about requesting access to that data.
As with all other organisations and companies that hold data on individuals, we are required to register with the Information Commissioner’s Office (ICO), the body responsible for ensuring compliance with legislation and investigating any complaints or data breaches.
Should you have any concerns about the way we are collecting or using your personal data, we would ask that you raise them with us in the first instance by contacting Rachel Ure, who is the member of staff we have appointed as our Data Protection Officer. They can be contacted by email at firstname.lastname@example.org or, by calling 01980 634874 .
Alternatively, should you so wish, you can also contact the ICO directly and their contact details can be found on their website: https://ico.org.uk/ The ICO site also contains a lot of useful information regarding current legislation and individual rights.