What is UK-GDPR?
UK-GDPR stands for General Data Protection Regulation.
UK-GDPR replaced the provisions of the European GDPR when the UK left the European Union.
What does this mean for schools?
Schools handle a large amount of personal data. This includes information on pupils, such as assessment information, medical information, images and much more. Schools will also hold data on school staff, governors, volunteers etc.
Schools will also handle what the UK-GDPR refers to as sensitive data, which is subject to tighter controls. This could be details on race and ethnic origin for example.
What is personal data?
The UK-GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified.
This definition provides for a wide range ways in which a person can be identified including name, identification number, location data or online identifier.
The UK-GDPR applies to both automated personal data and to manual filing systems where personal data is accessible according to specific criteria.
Personal data that has been pseudonymised – eg key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
Schools need to ensure data is:
- Processed lawfully, fairly and in a transparent manner in relation to individuals;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
The data controller (i.e. Silkstone Common J & I School) shall be responsible for, and be able to demonstrate, compliance with the principles.
As every school collates, processes and shares data about pupils, please find information regarding our privacy notices and policies.
What is a Privacy Notice?
A Privacy Notice is a statement issued by an organisation which explains how personal and confidential data about individuals is collected, used and shared.
As the school collates processes and shares data about pupils, please find information regarding our privacy policies.
Our GDPR policy is on the policies page.
Our Data Protection Officer is Mr Tim Pinto. Email email@example.com
The Governor responsible for GDPR is Mrs J Fleming
Due to Covid 19, personal data of employees, parents or visitors to school may be shared with NHS/Public Health Agencies where relevant to the Covid pandemic.
As a school we may be required to share personal date of individuals under the 'Track and Trace' scheme.