Update on changes to data protection law
From May 25th 2018, the rules around data protection changed dramatically. The ‘General Data Protection Regulation’ (GDPR) changed how schools can use and store parent/pupil personal data and strengthened parental rights over their own/child’s data.
Our school has a legal duty to make sure sensitive or private information about yourselves and your children stays safe. We now confirm our procedures:
We will update our privacy notice annually. You will find this revised copy on the school website (Key Information tab on Home page / Policies & Procedures within drop-down menu). Please contact us if you do not have access and we will provide you with a hard copy, free of charge.
2)Permission / consent:
We have strict guidance and formats to follow when we seek permission/ consent – we will confirm how the data is stored, the length of time of storage and how we will delete it. You will also see that permission must always be sought by a tick box and there is clarity about the right to change your mind at any time.
We need to ask you to ‘opt-in’ to receive emails to your personal email address from the school eg. school newsletter or response to email updates.
4)Sharing of information
As a school, we share pupil medical information between appropriate staff. This ensures that all pupils are best supported and identified for correct treatment and response within the school day. We will request specific permission from those parents whose child/ren have known reactions to allergens as a pupil list will be kept within the kitchen,
If you have any questions about how the GDPR affects you or your child, please contact us. We would like to confirm that school is the Data Controller, the Data Protection Officer (DPO) is Mrs Amy Brittan, Somerset LA – email firstname.lastname@example.org and the school Data Protection Lead (DPL) is Mrs Catherine Walker – email email@example.com or phone 01460 240172.