On May 25th 2018 the General Data Protection Regulation came into effect across the EU. It is a new law to ensure all data held and processed by organisations within the EU is secure and processed lawfully.
For further information about GDPR, please click here to visit the ICO website
Public organisations, schools (and academies) are required to comply with GDPR.
The process of becoming GDPR compliant has been a long one, because it affects all aspects of the school. We now have a GDPR compliant version of our Data Protection Policy (below), with the addition of Privacy Notices for pupils.
GDPR is central to our day-to-day culture. We already highly value and protect all of our pupil, parent and staff data and will continue to do so in the presence of GDPR.
Privacy Notice (How we use pupil information)
Christ the King RC Primary School is bound by the General Data Protection Regulations in regard to handling personal and sensitive information that directly or indirectly identifies a person. This Privacy Notice and principles in this document are in accordance with the General Data Protection Regulations as of 25th May 2018.
Christ the King RC Primary School is committed to protecting the privacy of personal and sensitive information. This Privacy Notice exemplifies this commitment.
This Privacy Notice supports Christ the King Primary School’s need to collect information and the right of the individual to privacy. It ensures that Christ the King can collect personal and sensitive information necessary in accordance with guidance from the Diocese of Salford, DfE and Lancashire County Council, while recognising the right of the individual to have their information handled in ways that protect the privacy of personal and sensitive information.
The categories of pupil information that we collect, hold and share include:
Why we collect and use this information
We use the pupil data:
The lawful basis on which we use this information
On the 25th May 2018 the Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR). The condition for processing under the GDPR will be:
Article 6
(c) Processing is necessary for compliance with a legal obligation to which the controller is subject.
Article 9
(j) Processing is necessary for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes in accordance with Article 89(1) based on Union or Member State law which shall be proportionate to the aim pursued, respect the essence of the right to data protection and provide for suitable and specific measures to safeguard the fundamental rights and the interests of the data subject.
The Education (Information about Individual Pupils) (England) Regulations 2013 – Regulation 5 ‘Provision of information by non-maintained special schools and Academies to the Secretary of State’ states ‘Within fourteen days of receiving a request from the Secretary of State, the proprietor of a non-maintained special school or an Academy (shall provide to the Secretary of State such of the information referred to in Schedule 1 and (where the request stipulates) in respect of such categories of pupils, or former pupils, as is so requested.’
The Education Act 1996 – Section 537A – states that we provide individual pupil information as the relevant body such as the Department for Education.
Children’s Act 1989 – Section 83 – places a duty on the Secretary of State or others to conduct research.
Collecting pupil information
Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.
Storing pupil data
We hold pupil data for the period of which the pupil remains at Christ the King RC Primary School. Child protection information is held from the pupil’s date of birth plus 25 years in agreement with the Safeguarding Children Group.
Who we share pupil information with:
We routinely share pupil information with:
Why we share pupil information
We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.
We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.
We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example, via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The National Pupil Database (NPD)
The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.
The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit: https://www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe
Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Mrs Lisa Clegg at Christ the King RC Primary School, 01282 429108 or email admin@king-pri.lancs.sch.uk.
You also have the right to:
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/
We have CCTV in operation around the school in order to maintain a safe and secure environment for our children.