Data Protection Policy For Newton Hill Community School
On May 25th the General Data Protection Regulation came into effect across the EU. The GDPR is a piece of EU-wide legislation which will determine how people's personal data is processed and kept safe and the legal rights individuals have in relation to their own data.
Recital 74 of the General Data Protection Regulation (GDPR) states that -
‘The responsibility and liability of the controller for any processing of personal data carried out by the controller or on the controller’s behalf should be established. In particular the controller should be obliged to implement appropriate and effective measures and be able to demonstrate the compliance of processing activities with the Regulation, including the effectiveness of the measures. Those measures should take into account the nature, scope, context and purposes of the processing and the risk to the rights and freedoms of natural persons’
Newton Hill Community School and the School Governing Body has adopted the Policy as specified below.
An essential activity within is the requirement to gather and process information about its pupils, staff, parents and other individuals who have contact with the school, in order to enable it to provide education and other associated functions.
In addition, there may be a legal requirement to collect and use information to ensure that the school complies with its statutory obligations.
This will be done in accordance with Data Protection Law and other related government legislation.
Newton Hill Community School and the School Governing Body – acting as the data controllers of personal data – recognise their moral duty to ensure that it is handled properly and confidentially at all times, irrespective of whether it is held on paper or by electronic means. This covers the whole lifecycle, including:
● The obtaining of personal data;
● The storage and security of personal data;
● The use of personal data;
● The disposal/destruction of personal data.
Newton Hill Community School and the School Governing Body also has a responsibility to ensure that data subjects have appropriate access to details regarding personal information relating to them.
By following and maintaining strict safeguards and controls, Newton Hill Community School and the School Governing Body will:
● Acknowledge the rights of individuals to whom personal data relate, and ensure that these rights may be exercised in accordance with Data Protection Law;
● Ensure that individuals are fully informed about the collection and use of personal data through the publication of the school’s Privacy Notice;
● Collect and process personal data which is adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
● Ensure that adequate steps are taken to ensure the accuracy and currency of data;
● Ensure that for all personal data, appropriate security measures are taken – both technically and organisationally – to protect against damage, loss or abuse;
● Ensure that the movement of personal data is done in a lawful way – both inside and outside the organisation and that suitable safeguards exist at all times.
In order to support these objectives, Newton Hill Community School and the School Governing Body will:
● Have a designated “Data Protection Officer” (DPO) to meet the school’s obligations under Article 37 of GDPR. Newton Hill Community Schools’ DPO is Mrs C Luck firstname.lastname@example.org
● Ensure that all activities that relate to the processing of personal data have appropriate safeguards and controls in place to ensure information security and compliance with the Data Protection Law;
● Ensure that all contracts and service level agreements between Newton Hill Community School and external third parties (including contract staff – where personal data is processed) include the relevant Data Protection clauses and appropriate Organisational and Technological measures will be put in place to safeguard the data.
● Ensure that all staff (including volunteer staff) acting on Newton Hill Community School’s behalf understand their responsibilities regarding information security under the Act, and that they receive the appropriate training/instruction and supervision so that they carry these duties out effectively and consistently and are given access to personal information that is appropriate to the duties they undertake;
● Ensure that all third parties acting on Newton Hill Community School’s behalf are given access to personal information that is appropriate to the duties they undertake and no more;
● Ensure that any requests for access to personal data are handled courteously, promptly and appropriately, ensuring that either the data subject or their authorised representative have a legitimate right to access under Data Protection Law, that their request is valid, and that information provided is clear and unambiguous;
● Ensure that all staff are aware of the Data Protection Policy and Guidance;.
● Review this policy and the safeguards and controls that relate to it annually to ensure that they are still relevant, efficient and effective.
● This Policy and Procedure and the Subject Access Information material will be made available in other formats where necessary.
Data collection requirements:
To find out more about the data collection requirements placed on us by the Department for Education (for example; via the school census) go to https://www.gov.uk/education/data-collection-and-censuses-for-schools.
The Department has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
● who is requesting the data
● the purpose for which it is required
● the level and sensitivity of data requested: and
● the arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the department’s data sharing process, please visit:
For information about which organisations the department has provided pupil information, (and for which project), please visit the following website: https://www.gov.uk/government/publications/national-pupil-database-requests-received
To contact DfE: https://www.gov.uk/contact-dfe Requesting access to your personal data
Under data protection legislation, parents and pupils have the right to request access to information about them that we hold. To make a request for your personal information, or be given access to your child’s educational record, contact Mrs C Luck email@example.com or on 01924 303680
If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance. Alternatively, you can contact the Information Commissioner’s Office at https://ico.org.uk/concerns/