Data Protection

From the 25th May 2018 the law on data protection changed.

The General Data Protection Regulation (GDPR) is a Europe-wide law that replaces the UK Data Protection Act 1998. As an organisation that collects and processes personal data, we are required to review how we handle personal data in order to comply with the GDPR.

We already take our data protection responsibilities extremely seriously, however as part of our review we will be considering:

• What data we need from you about you and your child(ren)

• Why we need it

• What we will do with it

• Where it will be stored

• Who we may share it with, and why

• How long we will keep it for

• How we will dispose of the data

As parents, we need to you keep us updated of any changes as they happen – for example informing school of a change of contact number, address or emergency contact.  We also need to know immediately if any changes to your child’s medical or dietary needs occur, so we can ensure we are best able to meet the needs of each child in our care.  To inform us of any such changes, email the school office or write a letter your child can give to the class teacher.

Your Child’s Data…

As a school we require some essential personal data from you as parents. ‘Personal Data’ means information relating to a living individual who is, or can be identified either from the data or from the data in conjunction with other information that we may hold.  This ‘data’ can be as simple as your address, a contact phone number or any medical conditions your child may have. Such information is not only legally required by school, but ensures that your child and family are well served by the school for routine matters. We will explain how we use any personal data that we collect in our privacy statement.

In most cases, this data will be ‘processed’ and entered onto the school’s information management system. Be assured that our systems are:

• Password protected

• Restricted to those who ‘need to know’

• Regularly backed up

• Managed in accordance with the law and local guidance

However, as a school we handle and use a much wider variety of data which may include CCTV recordings, test data, referrals to external agencies and much more. We will also let you know how we manage this kind of data in our Privacy Statement. Each year, we will also produce an ‘Annual Data Statement’ which will  be available on the school website.

Sharing data…

On occasion, we may be required to pass on data to other people/agencies. The circumstances in which we would likely do so would include:

• At the request of a court of law

• Where we believe your child is at risk of harm

• When we are legally required to do so

• At the request of police services in relation to a crime

Additionally, we will share data with companies who provide essential services to school.  This is also outlined in our Privacy Policy.

We will always try to notify you that we have passed on data to somebody else. However, it is likely that on occasion time-scales may limit our ability to do this.

We may seek to collect, process and share your personal data in response to the recent outbreak of Coronavirus, which is above and beyond what would ordinarily be done so, about our staff, their dependents and the general public, to ensure their safety and well-being.  Please see the Privacy Notice for more details.

The School Duties…

The school must operate within the GDPR law. This means that the school must:

• Have a Data Protection Officer

• Have policies for the management of data

• Keep parents informed of what we ’do’ with any data

• Inform you of any breach in our data that affects you

• Respond to complaints or requests within one calendar month

Charges will be made for requests which are considered unfounded or excessive.

Data Protection Officer…

We are required to appoint a Data Protection Officer (DPO) to monitor our policies and procedures in relation to data. Diggle School’s Data Protection Officer is Justin Hardy, and communication can be made via the school office in writing or via email to dpo@oldham.gov.uk.

If you have any concerns or questions, you should read the Schools Privacy Policy in the first instance, then should your concerns not be answered, you should direct your query to the DPO in the first instance. They will help you with any requests you may have and advise you of your rights. In addition to their advice, the school website also has a number of documents for guidance as well. These include:

• The School Privacy Notice - Parents & Carers

• The School Data Protection Policy

• Data Protection Impact Assessment Policy

• School Individual Rights Policy

• Data Sharing Policy

• Subject Access Request Policy

• Record of Processing Activities

The GDPR makes some changes to the rights that you and your child have in relation to the data that we hold but much remains the same as it did under the Data Protection Act 1998. You are able to:

• Request access to the data that we hold

• Ask for it to be corrected if you believe it is inaccurate

• Withdraw consent for permissions previously given – eg Photograph use, local visit participation, and staff providing personal care

Full details of your rights and what we will do in the case of a data breach are set out in our Data Protection Policy.