General Data Protection Regulations MAY 2018
What is it?
There is currently legislation in place that protects the data that others hold about us, this is the Data Protection Act 1998.
New broader and stronger legislation, GDPR, is due to come into force on the 25th May 2018, In this newsletter we explain what we are doing to make sure the data we hold on you is accurate, secure and compliant.
All business, organisations and schools will have to go through a very thorough process and we hope that by explaining what we are doing you will understand why there will be some changes in the way we capture information and permissions (consent) from you and why we need the information.
That said we want to reassure you that we already have very robust measures in place and this is just further enhancement to
What will happen now?
The school will need to define what data we need to gather to help us meet our obligations to your children, to promote their wellbeing, to ensure Health & Safety and to ensure that they access the best educational experience to meet their individual needs.
Most data in the school will be collected under the label of ‘Public Task’ as this will enable us to provide your child with a teaching and learning experience to meet their needs. This includes information about their age, date of birth, English fluency levels, any special educational needs and their home circumstances. We also need to share this information with other government agencies to ensure appropriate levels of funding are provided in order to meet their needs.
Within the ‘Public Task’ category we also need to collate information about parents/ carers due to the young age of our pupils to ensure you are kept adequately informed of their progress, any events your child is participating in and for any health & wellbeing needs including emergency contacts. In addition, we need to process this information to recover fees and contact you regarding any extra-curricular activities on offer.
Separately to this we would seek your ‘consent’ to contact you for processing your information for the purposes of marketing and fundraising activities such as the school website and other school publications and media. Your ‘consent’ will also be sought for taking children on trips or taking part in workshops to enhance their learning.
Under GDPR, any consent given needs to be evidenced and auditable. We are working out ways of doing this so you will only have to do it once, this may be through a form which is retained for the time your child is with us or it may be done electronically.
The above reasons for data processing are not exhaustive and we are developing a set of privacy notices that will give you more information about this, in due course these will be available from the school website.
As a school we are classed as a public authority, much of the data we gather about you or your children will be done so under this legal basis.
Therefore, we do not need a specific statutory power to process personal data, but the purposes of the use of your data must have a clear basis in law. The processing must be necessary to perform the function and for us to meet our obligations under law.
For example: A school is required to have the children’s personal data to meet our statutory duty under safeguarding legislation. We also require this data to ensure the child is in the right year group and accessing the appropriate curriculum, in addition we need to report on individual circum- stances to access funding to meet individual specific needs.
Without this data we are unable to meet our core function.
Personal data for parents is required in order to keep you informed of your child’s progress and of any concerns we may have most especially emergency contact information.
Where we need to gather other categories of data this will be explained clearly in the privacy notices coming soon.