General Data Protection Regulations (GDPR)
In May 2018, the General Data Protection Regulations (GDPR) were brought into force by the European Commission, to significantly protect personal data and reduce the number of cyber-related crimes. The act details how data can be acquired, the legal basis for personal data being used, how data should be stored and the responsibility that organisations have to rectify any mistakes in the data that is stored. Although some changes to the UK GDPR legislation have been implemented since Brexit, broadly speaking schools have the same responsibilities as detailed within the EU GDPR legislation.
At William Patten School we take data security very seriously as we appreciate the consequences of data being shared inappropriately or incorrectly and the implications this can have on everybody involved. All staff have yearly GDPR and acceptable use training, to ensure that we are all aware of our collective responsibility to comply with GDPR legislation. We review the GDPR compliance and privacy notices of organisations we use and only share appropriate data. Almost all of the personal data that we process or share, is due to our legal or legitimate requirements to comply with our statutory obligations as a school. We seek parents’ permission to use, share and publicise any materials not covered by these statutory requirements – such as school photographs, using photos in school publicity materials, Instagram accounts etc. This permission is sought annually and parents also have to right to withdraw such permission. We similarly seek permission from the William Patten staff team to use data and images that are not covered by of our statutory obligations.
As further explanation of how we ensure compliance with GDPR legislation, here are some examples of how and why we share data.
At William Patten to support learning and ensure every child has access to a broad, rich curriculum we subscribe to many different types of educational software. To enable each child’s progress and attainment to be closely monitored we may need to supply these software companies with details about your child; these are generally basic details such as name and date of birth.
In EYFS teachers use software called Interactive Learning Diary (ILD); for this we have to share your child’s name and date of birth.
We have a legal requirement to track and record children’s progress in English, Maths and Science to allow us to report to the Department of Education – such as the reception baseline assessment (RBA, six weeks after the start of the autumn term), the EYFS Profile (at the end of reception), the PSC (at the end of Year 1), KS1 SATs (at the end of Year 1), Multiplication tables check assessments (at the end of Year4), and KS2 SATs (at the end of Year 6). We monitor this by not only marking children’s books but assessing their work too. These assessments are recorded and continually updated on our assessment tracking system.
William Patten would like to advise, update and/or send reminders to parents/carers of events, trips, Parents’ Evening appointments etc. using SIMS, School Interviews software etc. When using our messaging service, we must share your contact details with the company that sends these messages, at present this is SIMS. No other details apart from your name and mobile number/email address are shared with the company and SIMS have confirmed that they do not keep any of your data once you are no longer a parent/carer of the school and never share this data with any other companies and that they are compliant with GDPR.
Very important to us is the celebration of our pupil’s achievements and therefore we publish photos of the children at sporting events, taking part in workshops, taking part in whole school events and celebrations etc. in our school newsletter, our school Instagram account and our website.
As always, to ensure the privacy and safety of pupils, we operate the following policy regarding publishing photographs of the children or their work:
If you require any further information around GDPR or how we use/share data, please contact the Data Protection Controller by emailing firstname.lastname@example.org or via the school office.