From 25th May 2018, the laws around data protection changed and the new General Data Protection Regulation (GDPR) became law. As an organisation that gathers and uses data, we are required to review our data handling and related procedures.
In principle, with regards to data collection, we are now required to consider:
- what data we need from you
- why we need it
- what we will do with it
- where it will be stored
- who we may share it with and why
- how we will dispose of the data
- how long we will keep it
As well as telling you all these things, we are also required to tell you how you can view the data, request changes or deletions and what we will do in the case of a data breach.
The law states that you have 9 rights in relation to the data we hold. These are ...
- the right to see any data we keep on record
- the right to request changes where errors exist
- the right to request that something is removed from the record/data
- the right to request that information is not used in any way other that originally intended
- the right to have your data used by someone else
- the right to object to data being used for marketing or other commercial purposes
- the right for your children's data to be used for their education only
- the right to complain about how the data has been gathered and used in this school
- the right to compensation if damages have occurred as a result of our data handling
Your child's Data
As a school, we require some essential data from you as parents. This data can be as simple and as routine as your address, a contact phone number or any medical conditions your child may have. Such information is not only legally required by the school, but also ensures that children and their families are well served by the school for routine matters.
In most cases, this data will be provided by you in written form but will then be 'processed' and entered onto the school's information management system, Arbor. Be assured that our systems are:
- password protected
- restricted to those with a 'need to know'
- regularly backed up
- managed in accordance with the law and local guidance
However, as a school we handle and use a much wider variety of data which may include our multimedia recordings, test data, referrals to social care and much more. More information on this can be found below by clicking on the privacy statement links.
Sharing Your Data
We will always endeavor to tell you what we are doing with your data. However, on occasion we may be required to pass on data to other people/agencies. The circumstances in which we would likely do so, would include:
- at the request of a court of law
- where we believe your child is at risk of harm
- we are legally required to so
- at the request of police services in relation to crime
Data Protection Officer
We take data protection very seriously at Cranborne Primary School.
In line with GDPR requirements, we have appointed a Data Protection Officer, Patrick Aikman who can be contacted on Patrick@SchoolDPOservice.com to oversee our approach to data management and protection.
If you have any concerns or questions, you should direct them to the DPO in the first instance. They will help you with any requests you may have and advise you of your rights. In addition to their advice, there is additional information below that will be useful.
The Schools Duty
The school must operate within the law (GDPR). This means that the school must:
- have a Data Protection Officer
- have policies for the management of data (including complaints)
- respond to complaints or requests within one calendar month
- keep parents informed of what we 'do' with any data
- inform you of any breach in our data that affects you
There are a number of documents that support our approach to GDPR. The main documents regarding this are below. If you would like a printed copy please contact the school office.