Data Protection Regulations

The General Data Protection Regulations (GDPR) defines UK law on the processing of data on identifiable living people. It is the main piece of legislation that governs the protection of personal data in the UK. Personal information is information about a living individual, who can be identified from the information. High Ercall Primary School and Telford & Wrekin Council is committed to protecting the privacy of individuals and handles all personal information in a manner that complies with the GDPR. New regulations for GDPR come into force on 25th May 2018. High Ercall Prmary School is working with the Local Authority to ensure compliance.

 

The GDPR principles state that personal information must:

 

Be processed fairly, lawfully and transparently

Obtained for a specified, explicit and legitimate purpose

Be adequate, relevant and limited to what is necessary

Be accurate and where necessary up to date

Not be kept longer than is necessary

Be handled ensuring appropriate security

When personal information is collected, for example on a questionnaire, survey or an application form, the ‘data subject’ (that is the person who the information is about) must be told. This is known as a Privacy Notice.

The categories of pupil information that we process include:

 

  • personal identifiers and contacts (such as name, photograph, unique pupil number, contact details and address)

  • characteristics (such as ethnicity, language, and free school meal eligibility)

  • safeguarding information (such as court orders and professional involvement)

  • special educational needs (including the needs and infomration from other professionals)

  • medical and administration (such as doctors information, child health, dental health, allergies, medication and dietary requirements)

  • attendance (such as sessions attended, number of absences, absence reasons and any previous schools attended)

  • assessment and attainment (such as key stage 1 and phonics results, internal data and key stage 2 SAT results)

  • behavioural information (such as exclusions and any relevant alternative provision put in place)

 

We collect and use pupil information, for the following purposes:

  1. to support pupil learning

  2. to monitor and report on pupil attainment and progress

  3. to provide appropriate pastoral care

  4. to assess the quality of our services

  5. to keep children safe (food allergies, medical information or emergency contact details)

  6. to meet the statutory duties placed upon us for DfE data collections

  7. to share aspects of learning with stakeholders

 

Under the General Data Protection Regulation (GDPR), the main lawful bases we rely on for processing pupil information are:

 

Article 6

Condition 1(a) where you provide consent for example to use student images

Condition 1(b) to enable us to complete a service you have asked for

Condition 1 (c) to comply with our legislative requirements including:

o Section 537A of the Education Act 1996

o the Education Act 1996 s29(3)

o the Education (School Performance Information)(England) Regulations 2007

o regulations 5 and 8 School Information (England) Regulations 2008

o the Education (Pupil Registration) (England) (Amendment) Regulations 2013

 Condition 1(d) to protect the vital interests of students and parents by processing relevant medical information

 

Article (9) for Special Category Information:

Condition 2(a) - Explicit consent has been given

Condition 2 (c) – Protect the vital interests of a student

Condition 2 (g) – Necessary for reasons of substantial public interest

 

When collecting personal data we will provide the legal basis upon which the processing is based at the point of collection.

 

 

Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the headteacher, Mrs Sarah Roberts, or administrator, Mrs Mavis Whiteley.

 

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress

  • prevent processing for the purpose of direct marketing

  • object to decisions being taken by automated means

  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and

  • a right to seek redress, either through the ICO, or through the courts

     

If you have a concern or complaint about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

 

Contact

We request that parents contact the school office when aspects of personal data have changed. It is the repsonsibility of parents to notify us of such changes or changes to any consentual data such as the use of photographs.

Please notify Mrs Whiteley, in the school office, or Mrs Roberts, Headteacher.

The Local Authority Information Governance Service operates as our Data Protection Officer: Robert Montgomery / Sue Wright.

 

PLEASE NOTE NEW POLICIES WILL BE AGREED AT THE NEXT GOVERNORS COMMITTEE MEETING AND WILL BE AVAILABLE AFTER 13TH JUNE.