On May 25th 2018 the General Data Protection Regulation came into effect across the EU. It is a new law to ensure all data held and processed by organisations within the EU is secure and processed lawfully.
Public organisations, schools (and academies) are required to comply with GDPR.
The process of becoming GDPR compliant has been a long one, because it affects all aspects of the school. We now have a GDPR compliant version of our Data Protection Policy (below), with the addition of Privacy Notices for pupils.
GDPR is central to our day-to-day culture. We already highly value and protect all of our pupil, parent and staff data and will continue to do so in the presence of GDPR.
Privacy Notice (How we use pupil information)
Christ the King RC Primary School is bound by the General Data Protection Regulations in regard to handling personal and sensitive information that directly or indirectly identifies a person. This Privacy Notice and principles in this document are in accordance with the General Data Protection Regulations as of 25th May 2018.
Christ the King RC Primary School is committed to protecting the privacy of personal and sensitive information. This Privacy Notice exemplifies this commitment.
This Privacy Notice supports Christ the King Primary School’s need to collect information and the right of the individual to privacy. It ensures that Christ the King can collect personal and sensitive information necessary in accordance with guidance from the Diocese of Salford, DfE and Lancashire County Council, while recognising the right of the individual to have their information handled in ways that protect the privacy of personal and sensitive information.
The categories of pupil information that we collect, hold and share include:
- Personal information (such as name, unique pupil number and address)
- Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)
- Attendance information (such as sessions attended, number of absences and absence reasons)
- Assessment information
- Medical conditions
- Special Educational Needs and Disability
- Behaviour and exclusions
Why we collect and use this information
We use the pupil data:
- to support pupil learning
- to monitor and report on pupil progress
- to provide appropriate pastoral care
- to assess the quality of our services
- to comply with the law regarding data sharing
- to safeguard pupils
The lawful basis on which we use this information
On the 25th May 2018 the Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR). The condition for processing under the GDPR will be:
- Processing shall be lawful only if and to the extent that at least one of the following applies:
(c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
- Processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation shall be prohibited.
- Paragraph 1 shall not apply if one of the following applies:
(j) Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
The Education (Information about Individual Pupils) (England) Regulations 2013 – Regulation 5 ‘Provision of information by non-maintained special schools and Academies to the Secretary of State’ states ‘Within fourteen days of receiving a request from the Secretary of State, the proprietor of a non-maintained special school or an Academy (shall provide to the Secretary of State such of the information referred to in Schedule 1 and (where the request stipulates) in respect of such categories of pupils, or former pupils, as is so requested.’
The Education Act 1996 – Section 537A – states that we provide individual pupil information as the relevant body such as the Department for Education.
Children’s Act 1989 – Section 83 – places a duty on the Secretary of State or others to conduct research.
Collecting pupil information
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data
We hold pupil data for the period of which the pupil remains at Christ the King RC Primary School. Child protection information is held from the pupil’s date of birth plus 25 years in agreement with the Safeguarding Children Group.
Who we share pupil information with:
We routinely share pupil information with:
- schools that the pupil’s attend after leaving us
- our local authority
- the Department for Education (DfE)
- NHS/school nurse
- Diocese of Salford
- Christ the King Roman Catholic Church / Parish of the Good Samaritan
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example, via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- conducting research or analysis
- producing statistics
- providing information, advice or guidance
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- who is requesting the data
- the purpose for which it is required
- the level and sensitivity of data requested: and
- the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Mrs Lisa Clegg at Christ the King RC Primary School, 01282 429108 or email firstname.lastname@example.org.
You also have the right to:
- object to processing of personal data that is likely to cause, or is causing, damage or distress
- prevent processing for the purpose of direct marketing
- object to decisions being taken by automated means
- in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- claim compensation for damages caused by a breach of the Data Protection regulations
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
We have CCTV in operation around the school in order to maintain a safe and secure environment for our children.