Changes to Data Protection Law
You may be aware that from May, the rules around data protection are changing. The ‘General Data Protection Regulation’ (GDPR) will change how we can use your personal data and keep it safe, and will also strengths your rights over your own data.
The point of this is to make sure sensitive or private information about yourselves and your child/ren stays safe. Whilst it is similar to the current Data Protection Act in many ways, there are a few differences, so we need to make a few changes within the school in order to ensure we remain compliant. One of these changes is that we have updated our privacy notice, which is available on our school’s website – www.grangetownprimary.org.uk
To ensure we are meeting the new requirements, we also need to re-seek your consent to take and use photos of your child. We really valve using photos of pupils, to be able to showcase what they do in school and what life at our school is like to others, so we would appreciate you taking the time to give consent again.
Who processes your information?
The school is the data controller of the personal information you provide. This means the school determines the purposes for which, and the manner in which, any personal data relating to pupils and their families is to be processed. Grangetown Primary School acts as a representative for the school with regard to its data controller responsibilities.
In some cases, your data will be outsources to a third party processor however, this will only be done with your consent, unless the law allows the school to share your data. Where the school outsources data to a third party processor, the same data protection standards that the school uphold are imposed on the processor.
Why do we collect this information?
Grangetown Primary School holds the legal right to collect and use personal data relating to pupils and their families. We may also receive information regarding them from their previous school, Local Authority and/or the Department for Education. We collect and use personal data in order to meet legal requirements and public interests set out in the GDPR and UK law.
In Accordance of the above, the personal data of pupils and their families is collected and used for the following reasons:
- To support pupil learning
- To monitor and report on pupil progress
- To provide appropriate pastoral care
- To assess the quality of our service
- To comply with the law regarding data sharing
The school will not share your personal data with any third parties without your consent, unless the law allows us to do so. The school routinely shares pupil’s information with:
- Pupils destinations upon leaving the school – Partner secondary schools
- The Local Authority – IT Provider
- The NHS – School information Management System
- The Children’s Hub (safeguarding) – Kitchen and lunchtime staff
- CPOMS (safeguarding) – School Photography (with consent)
- OFSTED – Educational visits/Residential partners
- Education Welfare (Attendance) - School Sports Partnership, Sports Coaches
- The Special Educational Team – Music Partnership, Music specialist
The information that we share with these parties includes the following (this is not an exhaustive list):
- Personal information; e.g. name, parent contact details, emergency contact details, sibling links
- Characteristics; e.g. gender, ethnicity, religion, language, nationality, country of birth, free school meal eligibility
- Attendance information; e.g. numbers of absences and reasons for absence
- Assessment information; e.g. National Curriculum Information, results, reports
- Relevant medical information; e.g. information about allergies
- Information relating to SEN
- Behaviour information; e.g. number of temporary exclusions
- Safeguarding information; e.g. early health assessments, look after information, children protection information
- Information from previous education providers
- Nursery place eligibility
If you have any questions about how the GDPR affects you, or how our school is preparing, you can contact the school office.
