General Data Protection Regulation

What is GDPR?

GDPR stands for: General Data Protection Regulation.  Although the school has been working in line with the Data Protection Act from 1998, new regulations in relation to your personal data come into effect from 25th May 2018.  Stamford Park Infant School will ensure that personal data is protected and kept safely and securely.  It will ensure that its policy for data protection is used as the basis for collecting, storing, accessing, sharing and deleting personal data.  The school will use the General Data Protection Regulations (GDPR) as the benchmark for its standard for protecting personal data.

Objectives

1. To ensure that decision makers and key people in school comply with the statutory changes to the GDPR which will officially come into force in May 2018.
2. To ensure that there will be regular reviews and audits of the information we hold to ensure that we fully meet the GDPR statutory requirements.
3. To document the personal data we hold, where it came from and with whom it will be shared.
4. To ensure that data collection, data handling, data storage and data disposal procedures are in line with the GDPR and cover all the rights individuals have, including how personal data is deleted and destroyed.

Strategies

1. Data access request procedures will handled within the timescales set out in the GDPR and we provide any additional information in line with the GDPR guidance.
2. The processing of personal data will be carried out on a lawful basis as required by the GDPR.
3. Where the school needs to seek consent, it will do so in a manner that meets GDPR standards.
4. Any records of consent and the management of the process for seeking consent will also meet the GDPR standard.
5. Where there is a personal data breach the procedures used to detect, report and investigate it will meet the requirements of the GDPR.
6. The systems the school puts into place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity will meet the standard set in the GDPR.
7. Data protection by design and data protection impact assessments will meet with the ICO’s code of practice on privacy impact assessments as well as with the latest guidance.
8. The school will have a Data Protection Officer who will be given responsibility for data protection compliance.
9. When the school requests data we will provide appropriate privacy notices to explain why data is being and the purposes for which it is used.

Why does the school keep information about you (parent/carer/guardian) or your child?  

The whole school team need to make sure that you and your child receives the best education, care and support we can provide. We gather, store and use personal information to help us to achieve this.

Most personal information is used within school to help plan and deliver excellent quality care and education every day.

What personal information about your child is collected?  

• Personal details: name, date of birth, address, ethnicity, home language, religion, gender
• GP/Health information
• Accessibility needs
• Medical and Health Care needs
• Dietary information
• Attendance and punctuality at school
• Previous school/pre-school information
• Records about education, health, well-being
• Pupil Attainment and Progress information
• Assessment/test outcomes
• Results of assessments by external agencies, e.g. social services, educational psychologist, speech therapist, school nurse, special needs services, health professionals, Looked After Children/Adoption agencies
• Safeguarding information
• Photographs

What personal information about you (parent/carer/guardian) is collected? 

• Personal details: name, address, ethnicity, home language, religion, gender
• Contact details – telephone, email
• Accessibility needs (only where relevant)
• Medical and Health Care needs (only where relevant)
• National Insurance number (for the purpose of checking eligibility for Pupil Premium Funding only)
• Information from external agencies (only where relevant), e.g. social services, health professionals, Looked After Children/Adoption agencies
• Safeguarding information
• Photographs (e.g. at social events, CCTV)

What are we going to do with personal information?   

Your information, and your child’s information, is used to make sure that the school teams have accurate and up-to-date information, to inform our provision - enabling us to assess and plan the best care, well-being and educational provision for your child.

We use personal information when we are seeking additional support, specialised support, funding, and care (only with your consent).

How will we keep your information secure and confidential? 

All members of the school workforce (staff) have a legal duty to keep information about you and your child confidential (unless in extreme circumstances where your safety, your child’s or somebody else’s safety is compromised).

The school has a code of confidentiality which all staff must adhere to.

We use a range of systems which insist upon encryption, password protection and verification to keep information secure.

The law and your personal information  

There are many government policies and Acts of Parliament which require schools to report certain personal information to other organisations.

The school will not disclose personal information about you or your child without your permission/consent, unless required by law to do so.

Outcomes

 The requirements of the GDPR will be met by this school as the basis for collecting, storing, accessing, sharing and deleting personal data. Data will be processed fairly lawfully and in a transparent manner. It will be used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It will be accurate and kept up to date and kept no longer than is necessary. Data will be processed in a manner that ensures appropriate security of the data.