From the 25th May 2018 the law on data protection is changing.
The new General Data Protection Regulation (GDPR) is a new, Europe-wide law that replaces the UK Data Protection Act 1998. As an organisation that collects and processes personal data, we are required to review how we handle personal data in order to comply with the GDPR.
We already take our data protection responsibilities extremely seriously, however as part of our review we will be considering:
- What data we need from you about you and your child(ren)
- Why we need it
- What we will do with it
- Where it will be stored
- Who we may share it with, and why
- How long we will keep it for
- How we will dispose of the data
As parents, we need to you keep us updated of any changes as they happen – for example informing school of a change of contact number, address or emergency contact. We also need to know immediately if any changes to your child’s medical or dietary needs occur, so we can ensure we are best able to meet the needs of each child in our care. To inform us of any such changes, email the school office or write a letter your child can give to the class teacher.
Your Child’s Data…
As a school we require some essential personal data from you as parents. ‘Personal Data’ means information relating to a living individual who is, or can be identified either from the data or from the data in conjunction with other information that we may hold. This ‘data’ can be as simple as your address, a contact phone number or any medical conditions your child may have. Such information is not only legally required by school, but ensures that your child and family are well served by the school for routine matters. We will explain how we use any personal data that we collect in our privacy statement.
In most cases, this data will be ‘processed’ and entered onto the school’s information management system. Be assured that our systems are:
- Password protected
- Restricted to those who ‘need to know’
- Regularly backed up
- Managed in accordance with the law and local guidance
However, as a school we handle and use a much wider variety of data which may include CCTV recordings, test data, referrals to external agencies and much more. We will also let you know how we manage this kind of data in our Privacy Statement. Each year, we will also produce an ‘Annual Data Statement’ which will be available on the school website.
On occasion, we may be required to pass on data to other people/agencies. The circumstances in which we would likely do so would include:
- At the request of a court of law
- Where we believe your child is at risk of harm
- When we are legally required to do so
- At the request of police services in relation to a crime
We will always try to notify you that we have passed on data to somebody else. However, it is likely that on occasion time-scales may limit our ability to do this.
The School Duties…
The school must operate within the GDPR law. This means that the school must:
- Have a Data Protection Officer
- Have policies for the management of data
- Keep parents informed of what we ’do’ with any data
- Inform you of any breach in our data that affects you
- Respond to complaints or requests within one calendar month
Charges will be made for requests which are considered unfounded or excessive.
Data Protection Officer…
We are required to appoint a Data Protection Officer (DPO) to monitor our policies and procedures in relation to data. Diggle School’s Data Protection Officer is Garrie Smith, and communication can be made via the school office either in writing or via email.
- The school privacy notice – parents and carers
- The school Data Protection Policy This is a DRAFT policy and will be finalised at the next Full Governors meeting.
- The school Annual Data Statement
- Data Complaints and Amendments Policy
The GDPR makes some changes to the rights that you and your child have in relation to the data that we hold but much remains the same as it did under the Data Protection Act 1998. You are able to:
- Request access to the data that we hold
- Ask for it to be corrected if you believe it is inaccurate
- Withdraw consent for permissions previously given – eg Photograph use, local visit participation, and staff providing personal care
Full details of your rights and what we will do in the case of a data breach are set out in our Data Protection Policy