POLICY STATEMENT INFORMATION
This is the Data Protection Policy of Higher Openshaw Community Primary School (“the School”)
- We are committed to processing Personal Information fairly and lawfully in accordance with the General Data Protection Regulation (“GDPR”), the Data Protection Act 2018 (“The DPA”) and other related legislation which protects Personal Information. We recognise the importance of this and have updated our Policy to ensure that it gives effect to these important changes in the law.
- As a School, it is necessary for us to process Personal Information about our staff, pupils, parent(s) / guardian(s) and other individuals who we may come into contact with. In doing so, we recognise that the correct and lawful treatment of Personal Information is critical to maintaining the confidence of those connected with our School.
- This Policy has been updated to reflect our ongoing commitment to promoting a strong culture of data protection compliance in accordance with the law.
Changes to Data Protection Legislation
New data protection legislation came into force on 25 May 2018 and replaced the UK Data Protection Act. The new General Data Protection Regulation (GDPR) provides a modernised, accountability-based compliance framework for data protection in Europe. It is intended to strengthen privacy rights in relation to personal information. The new accountability principle in Article 5(2) of the GDPR requires data controllers to demonstrate that they comply with the good practice principles set out in the Regulation, and states explicitly that this is their responsibility. The school is the data controller of the personal information you provide to us. This Notice sets out most of your rights under the new laws. Further information about the new law can be found on the Information Commissioners website: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
The categories of pupil information that we collect, hold and share include:
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Assessment information
- Relevant medical information
- Special Educational Needs information
- Exclusions / behavioural information
- Personal information (such as name, unique pupil number and address)
Why we collect and use this information
We use the pupil data:
- To support pupil learning
- To monitor and report on pupil progress
- To provide appropriate pastoral care
- To assess the quality of our services
- To comply with the law regarding data sharing
- To assist with our administration and communication systems – for example, text messaging in school.
The lawful basis on which we use this information
We collect and use pupil information in accordance with the lawful basis for collecting and using pupil information specified in the GDPR (Articles 6 and 8).
- Processing is necessary for compliance with a legal obligation – an example is Education Act 1996 census – this information can be found in the census guide documents on the following website https://www.gov.uk/education/data-collection-and-censuses-for-schools
- Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
- Explicit consent of the data subject
Collecting pupil information
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data
We hold pupil data in line with the Information Records Management Society Toolkit for Schools https://c.ymcdn.com/sites/irms.site-ym.com/resource/collection/8BCEF755-0353-4F66-9877-CCDA4BFEEAC4/2016_IRMS_Toolkit_for_Schools_v5_Master.pdf
Who we share pupil information with
We routinely share pupil information with:
- Schools that pupils attend after leaving us
- Our local authority
- The Department for Education (DfE)
- Educational support system providers such as CPOMs, etc.
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so. We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring. We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information about Individual Pupils) (England) Regulations 2013.
There maybe times when we are legally required to share information about a pupil if it is considered that there is a risk of harm to that pupil. Safeguarding overides the legal guidance under GDPR. In most cases we will seek parental consent, however if this is not deemed appropriater consent will be overridden. We may also be requested by the courts or police to share information which we have a legally duty to comply with.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to: https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies. We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013. To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information. The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- Conducting research or analysis
- Producing statistics
- Providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- Who is requesting the data
- The purpose for which it is required
- The level and sensitivity of data requested: and
- The arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data. For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact the Headteacher / Data Protection Officer. You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- Claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
If you would like to discuss anything in this privacy notice, please contact: Global Policy – Data Protection Officer Email: firstname.lastname@example.org
Claire Lyons – School Data Manager Email: email@example.com