Data Protection and the GDPR – January 2021

As the UK transitional arrangements expired on 31 December 2020, there are some practical changes for Data Protection and the GDPR.

To comply with the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 please note that every policy, notice and procedural guide that refers to ‘GDPR’ shall now be read as ‘UK GDPR’.

The rights, responsibilities and data protection that the Data Protection Act 2018 and the GDPR are not changed. Our procedures and arrangements will not change.

If you have any queries please contact the Headteacher.

Our Data Protection Lead is Mrs S Kavanagh, Headteacher.

Privacy Notice – Pupil Data

Introduction

As a school we collect a significant amount of information about our pupils. This notice explains why we collect the information, how we use it, the type of information we collect and our lawful reasons to do so.

Why do we collect data?

We collect and use pupil data to:-

• Fulfil our statutory obligations to safeguard and protect children and vulnerable people
• Enable targeted, personalised learning for pupils
• Manage behaviour and effective discipline
• Monitor our effectiveness
• Comply with our legal obligations to share data
• Support pupils to fulfil their potential
• Keep pupils, parents and carers informed about school events and school news

Our Legal Obligations

We must make sure that information we collect and use about pupils is in line with the GDPR and Data Protection Act. This means that we must have a lawful reason to collect the data, and that if we share that with another organisation or individual we must have a legal basis to do so.

The lawful basis for schools to collect information comes from a variety of sources, such as the Education Act 1996, Regulation 5 of The Education (Information About Individual Pupils) (England) Regulations 2013, Article 6 and Article 9 of the GDPR.

The Department for Education and Local Authorities require us to collect certain information and report back to them. This is called a ‘public task’ and is recognised in law as it is necessary to provide the information.

We also have obligations to collect data about children who are at risk of suffering harm, and to share that with other agencies who have a responsibility to safeguard children, such as the police and social care.

We also share information about pupils who may need or have an Education Health and Care Plan (or Statement of Special Educational Needs). Medical teams have access to some information about pupils, either by agreement or because the law says we must share that information, for example school nurses may visit the school.

Counselling services, careers services, occupational therapists are the type of people we will share information with, so long as we have consent or are required by law to do so.

We must keep up to date information about parents and carers for emergency contacts.

How we use the data.

In school we also use various third party tools to make sure that pupils best interests are advanced. We also record details about progress, attainment and pupil development to support future planning and learning. We use software to track progress and attainment.

We use data to manage and monitor pastoral needs and attendance/absences so that suitable strategies can be planned if required.  Financial software to manage school budgets may include some basic pupil data.

Data can be used to monitor school effectiveness, the impact of intervention and learning styles across groups of pupils as well as individual children.

We may use consultants, experts and other advisors to assist the school in fulfilling its obligations and to help run the School properly. We might need to share pupil information with them if this is relevant to their work.

We also use contact information to keep pupils, parents, carers up to date about school events.

What type of data is collected?

The DfE and government require us to collect a lot of data by law, so that they can monitor and support schools more widely, as well as checking on individual schools effectiveness.

The categories of pupil information that the school collects, holds and shares include the following:

• Personal information – e.g. names, pupil numbers and addresses
• Characteristics – e.g. ethnicity, language, nationality, country of birth and free school meal eligibility
• Attendance information – e.g. number of absences and absence reasons
• Assessment information – e.g. national curriculum assessment results
• Relevant medical information and social care
• Information relating to SEND and health needs
• Behavioural information – e.g. number of temporary exclusions

Photos and video recordings are also personal information.

The National Pupil Database (NPD)

The NPD is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.

We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the school census and early years’ census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To find out more about the pupil information we share with the department, for the purpose of data collections, go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

To find out more about the NPD, go to https://www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information.

The department may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:

• conducting research or analysis
• producing statistics
• providing information, advice or guidance

The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:

• who is requesting the data
• the purpose for which it is required
• the level and sensitivity of data requested: and
• the arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.

For more information about the department’s data sharing process, please visit:

https://www.gov.uk/data-protection-how-we-collect-and-share-research-data

For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received

To contact DfE: https://www.gov.uk/contact-dfe

Requesting access to your personal data

Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Mrs S Kavanagh, Headteacher at admin@parkhouse.derbyshire.sch.uk.

You also have the right to:

• object to processing of personal data that is likely to cause, or is causing, damage or distress
• prevent processing for the purpose of direct marketing
• object to decisions being taken by automated means
• in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at https://ico.org.uk/concerns/

Contact:

If you would like to discuss anything in this privacy notice, please contact Mrs S Kavanagh, Headteacher at admin@parkhouse.derbyshire.sch.uk.

More information about Data Protection and Our Policies

How we manage the data and our responsibilities to look after and share data is explained in our Data protection Policy, and connected policies, which are also available on our website.

If you feel that data about your child is not accurate, or no longer needed please contact the schools office. Our complaints policy explains what to do if there is a dispute. Subject Access Requests are dealt with by the specific policy on the website.

Consent

As a school we will seek consent from staff, volunteers, young people, parents and carers to collect and process their data. We will be clear about our reasons for requesting the data and how we will use it. There are contractual, statutory and regulatory occasions when consent is not required.

However, in most cases data will only be processed if explicit consent has been obtained.

Consent is defined by the GDPR as “any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

We may seek consent from young people also, and this will be dependent on the child and the reason for processing.

Consent and Renewal

On the school website we have ‘Privacy Notices’ that explain how data is collected and used. It is important to read those notices as it explains how data is used in detail.

Obtaining clear consent and ensuring that the consent remains in place is important for school. We also want to ensure the accuracy of that information.

For Pupils and Parents/Carers

On arrival at school you will be asked to complete a form giving next of kin details, emergency contact and other essential information. We will also ask you to give consent to use the information for other in school purposes, as set out on the data collection/consent form.

We review the contact and consent form on an annual basis. It is important to inform school if details or your decision about consent changes. A form is available.

Pupil consent procedure

Where processing relates to a child under 16 years old, school will obtain the consent from a person who has parental responsibility for the child.

Pupil’s may be asked to give consent or to be consulted about how their data is obtained, shared and used in certain situations.

Withdrawal of Consent

Consent can be withdrawn, subject to contractual, statutory or regulatory constraints. Where more than one person has the ability to provide or withdraw consent the school will consider each situation on the merits and within the principles of GDPR and also child welfare, protection and safeguarding principles.

Please complete the appropriate form.