General Data Protection Regulations
General Data Protection Regulations (GDPR)
How we use pupil information
Who do we share pupils information with?
We routinely share pupil information with:
- Schools or colleges that the pupils attend after leaving us
- Our local authority and their commissioned providers of local authority services
- The Department of Education (DfE)
Storing pupil Information
At Over Hall we keep information about your child on our computer systems and also sometimes on paper.
We hold your child’s education records securely until your child reaches the age of 25, after which they are safely destroyed.
There are strict controls on who can see your information. We will not share data if you have advised us that you do not want it shared, unless it is the only way we can make sure you stay safe and healthy or we are legally required to do so.
The National Pupil Database (NPD)
The NDP is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the School Census and Early Years’ Census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the Department of Education, for the purpose of data collections, go to www.gov.uk/government/publications/national-pupil-database-user-guide-and-supporting-information
The Department of Education may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
- Conducting research or analysis
- Producing statistics
- Providing information, advice or guidance
The Department of Education has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
- Who is requesting the data
- The purpose for which it is required
- The level and sensitivity of data requested and
- The arrangements in place to store and handle the data
To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the Department of Education’s data sharing process, please visit: www.gov.uk/data-protection-how-we-collect-and-share-research-data
For information about which organisations the Department of Education has provided pupil information, (and for which project), please visit the following website: www.gov.uk/government/publications/national-pupil-database-requests-received
Requesting access to your personal data
Under data protection legislation, parents have the right to request access to information about themselves or their child that we hold. To make a request for your personal information, or be given access to your child’s educational record, please request this in writing to the Headetacher via the school office . The school will, on an annual basis, share individual Data Collection Sheets with you in order to ensure that our records are accurate and up to date. We request that these are returned promptly and that school is advised of any changes as soon as possible. School will seek your permission to use your child's photo for school purposes - this information will be collated and securely stored for reference.
You also have the right to:
- Object to processing of personal data that is likely to cause, or is causing, damage or distress
- Prevent processing for the purpose of direct marketing
- Object to decisions being taken by automated means
- In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
- Claim compensation for damages caused by a breach of the Data Protection regulations
If you should have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at co.org.uk/concerns