The GDPR (General Data Protection Regulation) came into force on Friday 25th May 2018, right across the European Union. It is EU legislation designed to make how organisations use your data (and that of your children) easier to understand and give you more control over the data they hold. It also regulates how Data Controllers and Data Processors look after and use your information. It applies to schools (as well as to companies which are trying to sell you things!)
Our Data Protection Policy tells you more about the various laws which govern schools and allow us to collect, keep and process data. Our Pupil Privacy Notice, on our Website, adds more detail about who we share data with by law and lists our main Data Processors.
South View Community Primary Schools is therefore a Data Controller under the terms of the GDPR.
This means we collect personal data and use it directly in school for a variety of purposes:
- To support pupil learning.
- To monitor and report on pupil progress
- To provide appropriate pastoral care
- To assess the quality of our service
- To comply with the law regarding data sharing
- To safeguard pupils
We also share data with Data Processors. Some of these we are obliged by law to share data with, some to provide services to support the delivery of education. For the vast majority of information we hold, our lawful bases for processing your data are:
- Legal obligation
- Legitimate interest
This means that the law says we can collect and process your information, or that we can’t properly safeguard or deliver education to your children if we don’t have that information.
You haven’t received a similar request from us because we don’t hold the vast majority of our information by your consent; we hold it by legal obligation or for legitimate interest.
For instance, we must, by law, pass some information to the local authority and the government, and we can’t look after and educate children properly if we don’t hold important data about them - eg. Basic personal information, emergency contact details, medical needs etc.
You’ve probably received lots of ‘Please Opt In’ emails from various companies you’ve bought things from or signed up to in the past.
This is because they didn’t previously seek your consent in a way which would satisfy GDPR.
You have certain rights* over how your data is processed, and you also have rights on behalf of your children’s data.
The eight rights are explained in detail on the Information Commissioner’s website - just Google "ICO Individual Rights".
The first three - being informed of how we use your data, the right of access to your data and the right to make sure your data is accurate are the most relevant to the information we hold in school.