Data Protection Regulations & Information Sharing
On the 23rd May 2018 the Data Protection Act 2018 received royal assent and on the 25th May 2018 the GDPR became law in the UK. These two pieces of legislation have changed the way that organizations are accountable for the data they hold and it strengthens the rights available to citizens.
As schools we collect and process a great deal of data about you, your child, and our own staff, and we must ensure that we have robust procedures for doing so.
Some data we collect we are legally obliged to hold and process, so we do not need your permission for doing so.
However, some data we collect is to facilitate certain systems, for example communication through Squid or Class Dojo. As there is no legal requirement to use these particular systems, we need to have your specific permission for each system in order to be compliant. The system of ‘presumed consent’ is no longer sufficient.
For example:
- We do not need your permission to collect data for our School Information Management System (SIMS), dates of birth, addresses, academic data and to create and maintain a pupil record. Any system that is integral to providing an education and keeping children safe the lawful basis for that system is one of legal obligation.
- We do however need your permission to collect data for using on Class Dojo. This type of system is ‘nice to have’ rather than a system that is absolutely necessary. For these systems that mostly cover social media, photographs / videos and interactions with parents, the legal basis for those systems is one of consent.
There are some information forms for completion for which we do not need your permission, but we do need to collect the information to run the school, provide an education and keep children safe.
We also ask you to complete consent forms which we need you to complete to ensure we have the requisite permissions.
We also ask you to complete forms we need you to sign to give your agreement/consent to activities.
When you complete the online forms we will then store data securely, and destroy it when it is no longer required.
Personal data will be used and shared for a variety of purposes that Clase Primary considers to be of benefit to pupils including (but not restricted to) monitoring academic performance, statistical reporting, awarding qualifications and provision of services. Clase Primary complies with the ‘Data Sharing Code of Practice’:
https://ico.org.uk/media/fororganisations/documents/1068/data_sharing_code_of_practice.pdf
Please see our school website, privacy notices in your admission pack and / or www.ico.gov.uk for further information.
Privacy Notice for Clase Primary School
Our postal address is: Clase Primary School, Rheidol Avenue, Clase, Swansea, SA6 7JX.
Our website address is: www.claseprimaryschool.co.uk
Issues of how data is handled are dealt with by the Headteacher or the School’s Data Protection Officer : Mr Kim Collis, City & County of Swansea.
As a public authority, we must comply with all relevant legislation relating to data handling. The Information Commissioner’s Office (ICO) is the supervisory authority in the United Kingdom established to ensure that your data rights are upheld.
Categories of personal data we hold
Obtaining, recording, holding and dealing with personal information is known as ‘processing’.
As a school the vast majority of information we collect is about our pupils but we do also hold key information needed about parents / guardians and staff members.
Generally, a school file may include: -