As you may already be aware, the 25th May 2018 marked the enforcement of the General Data Protection Regulation (GDPR). The GDPR replaced the Data Protection Act 1998 and is designed to strengthen the safety and security of all data held within an organisation, and make sure processing and storage procedures are consistent.
First and foremost, it is important that you understand your rights under the GDPR; you have the right to:
- Be informed about how we use your personal data.
- Request access to the personal data that the school holds.
- Request that your personal data is amended if it is inaccurate or incomplete.
- Request that your personal data is erased where there is no compelling reason for its continued processing.
- Request that the processing of your data is restricted.
- Object to your personal data being processed.
The school has to prove their compliance with the GDPR, by having effective policies in place. There have also been some changes to the rights that individuals have – such as the right to have your information erased.
Privacy notices must also include new information, such as an individual’s right to complain to the Information Commissioner’s Officer (ICO). The GDPR takes into account the information of children too – parental consent is needed for children up to the age of 13, at which point, the child may be able to consent for themselves. Privacy notices must be given to children and have to be written using age-appropriate language.
A data breach notification duty is applied to all schools, and those that are likely to cause damage, e.g. identity theft, have to be reported to the ICO within 72 hours – failure to do so can result in a fine. A data protection impact assessment will be completed, which will likely be carried out when using new technologies and the processing is likely to result in a high risk to the rights and freedoms of individuals.
One of the biggest changes has been in terms of consent; consent must be a ‘positive indication’, which means that it has to be opted into, clear and unambiguous. Any consent given under the Data Protection Act 1998 will be reviewed and reobtained if necessary. This means the school may have to ask for you to consent to things again.
Finally, schools are required to appoint a data protection officer (DPO) – the DPO for Woodlands School is Jonathan Pickup and he can be contacted on email@example.com or 01253 316722.
To ensure your child's data is proteced I would like to ask you to ensure you have completed all consents on the Arbor app office, once you have read and understood the school’s privacy notice. Before you give consent to anything, it is vital that you have read and understood the privacy notice, as the school wants to ensure that you understand what we are doing with your data and that you know we are acting legally.
When policies are checked and ratified, they will be published on the school’s website, which can be accessed at www.woodlands.blackpool.sch.uk
If you have any questions about GDPR, you can contact the ICO on 0303 123 1113 or by using their live chat, or you can visit their Guide to the General Data Protection Regulation webpage. You are also welcome to direct any questions you have to the school's DPO at DPO@blackpool.gov.uk
- Anti Bullying Policy R0923
- Attendance Policy R1023
- Behaviour Support Policy R1023
- Child Friendly Peer on Peer Abuse Policy R0923
- Child Protection and Safeguarding Policy R0923
- Children Missing From Education - Missing Out - Schools Guidance 2023
- Children with Health Needs who Cannot Attend School R1023
- Data Protection Policy R0923
- Exclusion Policy R0923
- Facebook parent guide
- GDPR Policy 0923
- Instagram parent guide
- Keeping children safe in education 2023 - part one 1
- Looked after Children and Previously Looked After Children Policy R0923
- mobile security 2012 1
- Operation Encompass
- Physical Intervention Policy R1123
- Prevent duty guidance
- Prevent Strategy
- Promoting the education of looked-after children and previously looked-after children
- Retention and Information Asset Register R1023
- Safeguarding Statement
- Strategy for Countering Terrorism
- Youtube safety mode