As a school, we are required to collect certain information in order to carry out our core function of providing education as well as ensuring the wellbeing and welfare of our students and staff. We do this on the legal basis that we are required to as an authority and, therefore, require no further permission to do this. There are areas, however, where we do require permission for certain activities other than our core functions e.g. biometrics.
The introduction of the Data Protection Act of 2018 (incorporating GDPR legislation) has meant the school has had to focus more on what means we gather, handle, store and dispose of data on all our students, parents, staff and alumni. As a result, we have implemented more robust and secure systems for both electronic and paper recordkeeping as well as introducing robust data-related policies.
The school's Data Protection Officer is Mr Paul Steward: email@example.com who oversees the school's practices and ensures staff are trained and are aware of their responsibilities in handling data.
The school has two main policies which form the core of our Data Protection practices as follows:
The Data Protection Policy incorporates the Privacy Notices for School Workforce (Staff) and for Students & Families:
The Data Retention Policy outlines the length of time the school intends to keep data on data subjects:
We also have a couple of specific additional data-related policies: