Holystone Primary School Data protection policy statement
Data Protection Statement
Holystone Primary School is fully committed to full compliance with the requirements of the General Data Protection Regulation (GDPR). The School will therefore follow procedures which aim to ensure that all our staff, Governors, and contractors who have access to any personal data held by or on behalf of the School are fully aware of and abide by their duties under the GDPR. We also adhere to the guidance issued by the Information Commissioner.
We collect and use information about our pupils in order to carry out our functions. This also includes information about current, past and prospective staff, parents and suppliers of services to us. In addition we are required by law to collect and use information in order to comply with statutory requirements. Personal information must be processed appropriately however it is collected, recorded and used and in whatever format it is held.
We regard the handling of personal information as very important to us being able to carry out our day to day business and essential to maintaining confidence. We therefore fully adhere to the Principles of the GDPR.
How we handle personal and sensitive data
We will ensure that appropriate controls and measures are in place to monitor and review data so:
- It is secure and protected
- It is used in efficient and effective ways to improve the education of our pupils
- Only necessary data is collected
- It is only collected for the purpose as described at the time of collection
- Information is accurate
- Information is not kept for longer than is necessary
- Data which is no longer needed is securely destroyed
- Information is not transferred abroad without suitable safeguards
- There is general information for pupils and parents and staff of their rights to access information
- The rights of pupils, parents and staff about whom information is held can be fully exercised under the General Data Protection Regulations.
We will also ensure appropriate technical and organisational security measures to safeguard information (including unauthorised or unlawful processing and accidental loss or damage of data) are in place.
Under Data Protection Legislation individuals have the right to:
- Access their own personal information within one month of request
- Prevent processing of their information in certain circumstances
- Request that information be corrected, rectified or blocked where it is identified as incorrect
- Expect that the we have an officer specifically responsible for data protection in the School
- Expect guidance and training for staff is provided at an appropriate level
- Ensure that any breaches of this policy are dealt with appropriately and in a timely manner.
The Principles of Data Protection
The GDPR stipulates that anyone processing personal data must comply with 6 special categories of good practice. The special categories are legally enforceable. For more information about the special categories, citizens rights and the distinction between personal data and ‘special categories’ under Data Protection legislation please see the Information Commissioners Data protection pages.
If you would like to know more about how we use your information, please contact Mrs Kimage – our Data Protection Officer at the following address:
Information Governance Manager
Law and Governance
North Tyneside Council
The Silverlink North
Cobalt Business Park