What is the General Data Protection Regulation?
The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which determines how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data. It applied from 25 May 2018 to organisations that process or handle personal data, including schools.
It's similar to the Data Protection Act (DPA) 1998 in many ways. Most of the differences involve the GDPR building on or strengthening the principles of the DPA.
The Full General Data Protection Regulation has been published by the Council of the EU.
The UK has implemented the GDPR despite its intention to leave the EU.
Information for parents
We need to hold personal information about your child on our Management Information System, in paper records and on CPOMS, in order to help us with their educational and safeguarding needs. The Principal is responsible for their accuracy and safe-keeping. Please help to keep your child’s records up to date by informing us of any change of circumstances.
Trust central and school staff have access to your child’s records to enable them to do their jobs. From time to time information may be shared with others involved in your child’s care, if it is necessary. Anyone with access to your child’s records is properly trained in confidentiality issues and is governed by a legal duty to keep their details secure, accurate and up to date. All information about your child is held securely and appropriate safeguards are in place to prevent accidental loss.
In some circumstances we may be required by law to release your child’s details to statutory or other official bodies, for example, Children's Services, if a court order is presented, or in the case of public educational issues. In other circumstances you may be required to give written consent before information is released – such as the educational reports for insurance, solicitors etc. To ensure your child’s privacy, we will not disclose information over the telephone or via email, unless we are sure that we are talking to you - the parent/carer. Information will not be disclosed to family and friends unless we have prior written consent and we do not leave messages with others.
You have a right to see your child’s records if you wish. Please ask at the school’s office if you would like further details. An appointment will be required. Please note that there is no automatic right to see all the information held in child protection records. Information can be withheld if disclosure:
- Could cause serious harm or is likely to cause serious harm to the physical or mental health or condition of the child or another person; or
- Could reveal that the child or another person has been a subject of or may be at risk of child abuse, and the disclosure is not in the best interests of the child; or
- Is likely to prejudice an ongoing criminal investigation; or
- The information about the child also relates to another person who could be identified from it or the information has been given by another person who could be identified as the source, unless the person has consented to the disclosure or the person providing the information is an employee of the Trust.
Making a Freedom of Information or Subject Access Request
Should you require any further information, or if you wish to make a Data Subject Access Request or a Freedom of Information request, the Trust’s Data Protection Officer (DPO), can be contacted here.
You would need to specify exactly what information it is that you require, the form in the link below may help with your request and you may also be asked for two forms of identification.
A school has 20 school days or 60 working days (whichever is the shortest) to respond to a FOI request.
A school has 1 month to respond to a SAR request.