GDPR-Privacy Notice

What is GDPR?

The General Data Protection Regulation (EU) 2016/679 ("GDPR") is a regulation in EU law on data protection and privacy for all individuals within the European Union  (EU) and the European Economic Area (EEA). It also addresses the export of personal data outside the EU and EEA areas. The GDPR aims primarily to give control to individuals over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU

Why do we collect and use pupil information?

 We collect and use pupil information under the Data Protection Act 1998 (DPA) and “Article 6” and “Article 9“ of the General Data Protection Regulation (GDPR).

 

Article 6 (GDPR) condition: Processing is necessary for compliance with a legal obligation to which the data controller is subject.

 

Article 9 (GDPR) condition: For substantial public interest on legal basis.

 

We use the pupil data:

  • to support pupil learning

  • to monitor and report on pupil progress

  • to provide appropriate pastoral care

  • to assess the quality of our services

  • to comply with the law regarding data sharing

 

We may also receive information from their previous school or college, local authority, the Department for Education (DfE) and the Learning Records Service (LRS).

 

Note: Schools and local authorities have a (legal) duty under the DPA and the GDPR to ensure that any personal data they process is handled and stored securely.

 

 

The categories of pupil information that we collect, hold and share include:

 

  • Personal information (such as name, unique pupil number and address)

  • Characteristics (such as ethnicity, language, nationality, country of birth and free school meal eligibility)

  • Attendance information (such as sessions attended, number of absences and absence reasons)

  •  

Collecting pupil information

Whilst the majority of pupil information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform you whether you are required to provide certain pupil information to us or if you have a choice in this.

 

Storing pupil data

We hold pupil data for no longer than is necessary. Full details of data retention lists can be found in the Records Management Society’s (RMS) Retention Guidelines for Schools (which can be found on the Council Intranet at https://intranet.gateshead.gov.uk/media/1032/Retention-guidelines-for-schools/pdf/schoolsretentionschedulefinal.pdf

 

Who do we share pupil information with?

We routinely share pupil information with:

 

  • schools that the pupil’s attend after leaving us

  • our local authority

  • the Department for Education (DfE)

  • NHS (for inoculations, etc)

 

Why we share pupil information

We do not share information about our pupils with anyone without consent unless the law and our policies allow us to do so.

 

We share pupils’ data with the Department for Education (DfE) on a statutory basis. This data sharing underpins school funding and educational attainment policy and monitoring.

 

We are required to share information about our pupils with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.

 

Data collection requirements:

To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.

 

Data Protection law in the UK changed on 25th May 2018

 

The new regulation is about protecting people in the modern information age.

An EU regulation, but staying even after Brexit.

It gives more control to individuals and more responsibilities to organisations which collect and hold your data.

Will be further embedded through the new Data Protection Act 2018 (which will repeal the Data Protection Act 1998).