Elmwood Infant and Nursery School

Transcription

1 Elmwd Infant and Nursery Schl Data Prtectin Plicy Linked t the General Data Prtectin Regulatin (GDPR) February 2018 Article 3 - the best interests f the child must be a tp pririty in all decisins and actins that affect children Article 16 the right t privacy Article 36 Gvernments must prtect children frm all frms f explitatin.

2 Elmwd Infant Schl & Nursery Data Prtectin Plicy Linked t the General Data Prtectin Regulatin (GDPR) DATE POLICY CREATED: Feb 2018 DATE OF NEXT REVIEW: Feb 2020 Statement f Intent Elmwd Infant Schl and Nursery is required t keep and prcess certain infrmatin abut its staff members and pupils in accrdance with its legal bligatins under the General Data Prtectin Regulatin (GDPR). The schl may, frm time t time, be required t share persnal infrmatin abut its staff r pupils with ther rganisatins, mainly the LA, Department fr Educatin, ther schls and educatinal bdies, children s services and ther third parties, such as payrll prviders r cashless till services. This plicy is in place t ensure all staff and gvernrs are aware f their respnsibilities and utlines hw the schl cmplies with the fllwing cre principles f the GDPR. Organisatinal methds fr keeping data secure are imperative, and Elmwd Infant Schl believes that it is gd practice t keep clear practical plicies, backed up by written prcedures. This plicy cmplies with the requirements set ut in the GDPR, which will cme int effect n 25 May The gvernment have cnfirmed that the UK s decisin t leave the EU will nt affect the cmmencement f the GDPR This plicy will be implemented in cnjunctin with the fllwing ther schl plicies: E-safety Plicy Freedm f Infrmatin Plicy Acceptable Use Plicy Legal Framewrk This plicy has due regard t legislatin, including, but nt limited t the fllwing: The General Data Prtectin Regulatin (GDPR) The Freedm f Infrmatin Act 2000 The Educatin (Pupil Infrmatin) (England) Regulatins 2005 (as amended in 2016) The Freedm f Infrmatin and Data Prtectin (Apprpriate Limit and Fees) Regulatins 2004 The Schl Standards and Framewrk Act 1998 This plicy will als have regard t the fllwing guidance: Infrmatin Cmmissiner s Office (2017) Overview f the General Data Prtectin Regulatin (GDPR) Infrmatin Cmmissiner s Office (2017) Preparing fr the General Data Prtectin Regulatin (GDPR) 12 steps t take nw

3 Applicable Data Fr the purpse f this plicy, persnal data refers t infrmatin that relates t an identifiable, living individual, including infrmatin such as an nline identifier, e.g. an IP address. The GDPR applies t bth autmated persnal data and t manual filing systems, where persnal data is accessible accrding t specific criteria, as well as t chrnlgically rdered data and pseudnymised data, e.g. key-cded. Sensitive persnal data is referred t in the GDPR as special categries f persnal data, which are bradly the same as thse in the Data Prtectin Act (DPA) These specifically include the prcessing f genetic data, bimetric data and data cncerning health matters. Principles In accrdance with the requirements utlined in the GDPR, persnal data will be: Prcessed lawfully, fairly and in a transparent manner in relatin t individuals. Cllected fr specified, explicit and legitimate purpses and nt further prcessed in a manner that is incmpatible with thse purpses; further prcessing fr archiving purpses in the public interest, scientific r histrical research purpses r statistical purpses shall nt be cnsidered t be incmpatible with the initial purpses. Adequate, relevant and limited t what is necessary in relatin t the purpses fr which they are prcessed. Accurate and, where necessary, kept up-t-date; every reasnable step must be taken t ensure that persnal data that are inaccurate, having regard t the purpses fr which they are prcessed, are erased r rectified withut delay. Kept in a frm which permits identificatin f data subjects fr n lnger than is necessary fr the purpses fr which the persnal data are prcessed; persnal data may be stred fr lnger perids, insfar as the persnal data will be prcessed slely fr archiving purpses in the public interest, scientific r histrical research purpses r statistical purpses, subject t implementatin f the apprpriate technical and rganisatinal measures required by the GDPR in rder t safeguard the rights and freedms f individuals. Prcessed in a manner that ensures apprpriate security f the persnal data, including prtectin against unauthrised r unlawful prcessing and against accidental lss, destructin r damage, using apprpriate technical r rganisatinal measures. The GDPR als requires that the cntrller shall be respnsible fr, and able t demnstrate, cmpliance with the principles. Accuntability Elmwd Infant Schl will implement apprpriate technical and rganisatinal measures t demnstrate that data is prcessed in line with the principles set ut in the GDPR. The schl will prvide cmprehensive, clear and transparent privacy plicies. Recrds f activities relating t higher risk prcessing will be maintained, such as the prcessing f special categries data r that in relatin t criminal cnvictins and ffences. Internal recrds f prcessing activities will include the fllwing:

4 Name and details f the rganisatin Purpse(s) f the prcessing Descriptin f the categries f individuals and persnal data Retentin schedules Categries f recipients f persnal data Descriptin f technical and rganisatinal security measures Details f transfers t third cuntries where applicable, including dcumentatin f the transfer mechanism safeguards in place The schl will implement measures that meet the principles f data prtectin by design and data prtectin by default, such as: Data minimisatin. Pseudnymisatin. Transparency. Allwing individuals t mnitr prcessing. Cntinuusly creating and imprving security features. Data prtectin impact assessments will be used, where apprpriate. Data Prtectin Officer (DPO) A DPO will be appinted in rder t: Infrm and advise the schl and its emplyees abut their bligatins t cmply with the GDPR and ther data prtectin laws. Mnitr the schl s cmpliance with the GDPR and ther laws, including managing internal data prtectin activities, advising n data prtectin impact assessments, cnducting internal audits, and prviding the required training t staff members. An existing emplyee can be appinted t the rle f DPO prvided that their duties are cmpatible with the duties f the DPO and d nt lead t a cnflict f interests. Where pssible, this rle will be carried ut by an external prvider. The individual appinted as DPO will have prfessinal experience and knwledge f data prtectin law, particularly that in relatin t schls. The DPO will reprt t the highest level f management at the schl, which is the Head Teacher. The DPO will perate independently and will nt be dismissed r penalised fr perfrming their task. Sufficient resurces will be prvided t the DPO t enable them t meet their GDPR bligatins. Lawful Prcessing The legal basis fr prcessing data will be identified and dcumented prir t data being prcessed. Under the GDPR, data will be lawfully prcessed under the fllwing cnditins: The cnsent f the data subject has been btained. Prcessing is necessary fr:

5 Cmpliance with a legal bligatin. The perfrmance f a task carried ut in the public interest r in the exercise f fficial authrity vested in the cntrller. Fr the perfrmance f a cntract with the data subject r t take steps t enter int a cntract. Prtecting the vital interests f a data subject r anther persn. Fr the purpses f legitimate interests pursued by the cntrller r a third party, except where such interests are verridden by the interests, rights r freedms f the data subject. (This cnditin is nt available t prcessing undertaken by the schl in the perfrmance f its tasks.) Sensitive data will nly be prcessed under the fllwing cnditins: Explicit cnsent f the data subject, unless reliance n cnsent is prhibited by EU r Member State law. Prcessing carried ut by a nt-fr-prfit bdy with a plitical, philsphical, religius r trade unin aim prvided the prcessing relates nly t members r frmer members (r thse wh have regular cntact with it in cnnectin with thse purpses) and prvided there is n disclsure t a third party withut cnsent. Prcessing relates t persnal data manifestly made public by the data subject. Prcessing is necessary fr: Cnsent Carrying ut bligatins under emplyment, scial security r scial prtectin law, r a cllective agreement. Prtecting the vital interests f a data subject r anther individual where the data subject is physically r legally incapable f giving cnsent. The establishment, exercise r defence f legal claims r where curts are acting in their judicial capacity. Reasns f substantial public interest n the basis f Unin r Member State law which is prprtinate t the aim pursued and which cntains apprpriate safeguards. The purpses f preventative r ccupatinal medicine, fr assessing the wrking capacity f the emplyee, medical diagnsis, the prvisin f health r scial care r treatment r management f health r scial care systems and services n the basis f Unin r Member State law r a cntract with a health prfessinal. Reasns f public interest in the area f public health, such as prtecting against serius crssbrder threats t health r ensuring high standards f healthcare and f medicinal prducts r medical devices. Archiving purpses in the public interest, r scientific and histrical research purpses r statistical purpses in accrdance with Article 89(1). - Cnsent must be a psitive indicatin. It cannt be inferred frm silence, inactivity r pre-ticked bxes. - Cnsent will nly be accepted where it is freely given, specific, infrmed and an unambiguus indicatin f the individual s wishes. - Where cnsent is given, a recrd will be kept dcumenting hw and when cnsent was given. - The schl ensures that cnsent mechanisms meet the standards f the GDPR. Where the standard f cnsent cannt be met, an alternative legal basis fr prcessing the data must be fund, r the prcessing must cease.

6 - Cnsent accepted under the DPA will be reviewed t ensure it meets the standards f the GDPR; hwever, acceptable cnsent btained under the DPA will nt be rebtained. - Cnsent can be withdrawn by the individual at any time. - Where a child is under the age f 16 r yunger if the law prvides it (up t the age f 13), the cnsent f parents will be sught prir t the prcessing f their data, except where the prcessing is related t preventative r cunselling services ffered directly t a child. The Right t be Infrmed The privacy ntice supplied t individuals in regards t the prcessing f their persnal data will be written in clear, plain language which is cncise, transparent, easily accessible and free f charge. If services are ffered directly t a child, the schl will ensure that the privacy ntice is written in a clear, plain manner that the child will understand. In relatin t data btained bth directly frm the data subject and nt btained directly frm the data subject, the fllwing infrmatin will be supplied within the privacy ntice: The identity and cntact details f the cntrller (and where applicable, the cntrller s representative) and the DPO. The purpse f, and the legal basis fr, prcessing the data. The legitimate interests f the cntrller r third party. Any recipient r categries f recipients f the persnal data. Details f transfers t third cuntries if applicable and the safeguards in place. The retentin perid r criteria used t determine the retentin perid. The existence f the data subject s rights, including the right t: Withdraw cnsent at any time. Ldge a cmplaint with a supervisry authrity. The existence f autmated decisin making, including prfiling, hw decisins are made, the significance f the prcess and the cnsequences. Where data is btained directly frm the data subject, infrmatin regarding whether the prvisin f persnal data is part f a statutry r cntractual requirement, as well as any pssible cnsequences f failing t prvide the persnal data, will be prvided. Where data is nt btained directly frm the data subject, infrmatin regarding the categries f persnal data that the schl hlds, the surce that the persnal data riginates frm and whether it came frm publicly accessible surces, will be prvided. Fr data btained directly frm the data subject, this infrmatin will be supplied at the time the data is btained. In relatin t data that is nt btained directly frm the data subject, this infrmatin will be supplied: Within ne mnth f having btained the data. If disclsure t anther recipient is envisaged, at the latest, befre the data is disclsed. If the data is used t cmmunicate with the individual, at the latest, when the first cmmunicatin takes place.

7 The Right f Access Individuals have the right t btain cnfirmatin that their data is being prcessed. Individuals have the right t submit a Subject Access Request (SAR) t gain access t their persnal data in rder t verify the lawfulness f the prcessing. The schl will verify the identity f the persn making the request befre any infrmatin is supplied. A cpy f the infrmatin will be supplied t the individual free f charge; hwever, the schl may impse a reasnable fee t cmply with requests fr further cpies f the same infrmatin. Where a SAR has been made electrnically, the infrmatin will be prvided in a cmmnly used electrnic frmat. Where a request is manifestly unfunded, excessive r repetitive, a reasnable fee will be charged. All fees will be based n the administrative cst f prviding the infrmatin. All requests will be respnded t withut delay and at the latest, within ne mnth f receipt. In the event f numerus r cmplex requests, the perid f cmpliance will be extended by a further tw mnths. The individual will be infrmed f this extensin, and will receive an explanatin f why the extensin is necessary, within ne mnth f the receipt f the request. Where a request is manifestly unfunded r excessive, the schl hlds the right t refuse t respnd t the request. The individual will be infrmed f this decisin and the reasning behind it, as well as their right t cmplain t the supervisry authrity and t a judicial remedy, within ne mnth f the refusal. In the event that a large quantity f infrmatin is being prcessed abut an individual, the schl will ask the individual t specify the infrmatin the request is in relatin t. The Right t Rectificatin Individuals are entitled t have any inaccurate r incmplete persnal data rectified. Where the persnal data in questin has been disclsed t third parties, the schl will infrm them f the rectificatin where pssible. Where apprpriate, the schl will infrm the individual abut the third parties that the data has been disclsed t. Requests fr rectificatin will be respnded t within ne mnth; this will be extended by tw mnths where the request fr rectificatin is cmplex. Where n actin is being taken in respnse t a request fr rectificatin, the schl will explain the reasn fr this t the individual, and will infrm them f their right t cmplain t the supervisry authrity and t a judicial remedy. The Right t Erasure Individuals hld the right t request the deletin r remval f persnal data where there is n cmpelling reasn fr its cntinued prcessing.

8 Individuals have the right t erasure in the fllwing circumstances: Where the persnal data is n lnger necessary in relatin t the purpse fr which it was riginally cllected/prcessed When the individual withdraws their cnsent When the individual bjects t the prcessing and there is n verriding legitimate interest fr cntinuing the prcessing The persnal data was unlawfully prcessed The persnal data is required t be erased in rder t cmply with a legal bligatin The persnal data is prcessed in relatin t the ffer f infrmatin sciety services t a child The schl has the right t refuse a request fr erasure where the persnal data is being prcessed fr the fllwing reasns: T exercise the right f freedm f expressin and infrmatin T cmply with a legal bligatin fr the perfrmance f a public interest task r exercise f fficial authrity Fr public health purpses in the public interest Fr archiving purpses in the public interest, scientific research, histrical research r statistical purpses The exercise r defence f legal claims As a child may nt fully understand the risks invlved in the prcessing f data when cnsent is btained, special attentin will be given t existing situatins where a child has given cnsent t prcessing and they later request erasure f the data, regardless f age at the time f the request. Where persnal data has been disclsed t third parties, they will be infrmed abut the erasure f the persnal data, unless it is impssible r invlves disprprtinate effrt t d s. Where persnal data has been made public within an nline envirnment, the schl will infrm ther rganisatins wh prcess the persnal data t erase links t and cpies f the persnal data in questin. The Right t Restrict Prcessing Individuals have the right t blck r suppress the schl s prcessing f persnal data. In the event that prcessing is restricted, the schl will stre the persnal data, but nt further prcess it, guaranteeing that just enugh infrmatin abut the individual has been retained t ensure that the restrictin is respected in future. The schl will restrict the prcessing f persnal data in the fllwing circumstances: Where an individual cntests the accuracy f the persnal data, prcessing will be restricted until the schl has verified the accuracy f the data Where an individual has bjected t the prcessing and the schl is cnsidering whether their legitimate grunds verride thse f the individual Where prcessing is unlawful and the individual ppses erasure and requests restrictin instead

9 Where the schl n lnger needs the persnal data but the individual requires the data t establish, exercise r defend a legal claim If the persnal data in questin has been disclsed t third parties, the schl will infrm them abut the restrictin n the prcessing f the persnal data, unless it is impssible r invlves disprprtinate effrt t d s. The schl will infrm individuals when a restrictin n prcessing has been lifted. The Right t Data Prtability Individuals have the right t btain and reuse their persnal data fr their wn purpses acrss different services. Persnal data can be easily mved, cpied r transferred frm ne IT envirnment t anther in a safe and secure manner, withut hindrance t usability. The right t data prtability nly applies in the fllwing cases: T persnal data that an individual has prvided t a cntrller Where the prcessing is based n the individual s cnsent r fr the perfrmance f a cntract When prcessing is carried ut by autmated means Persnal data will be prvided in a structured, cmmnly used and machine-readable frm. The schl will prvide the infrmatin free f charge. Where feasible, data will be transmitted directly t anther rganisatin at the request f the individual. The schl is nt required t adpt r maintain prcessing systems which are technically cmpatible with ther rganisatins. In the event that the persnal data cncerns mre than ne individual, the schl will cnsider whether prviding the infrmatin wuld prejudice the rights f any ther individual. The schl will respnd t any requests fr prtability within ne mnth. Where the request is cmplex, r a number f requests have been received, the timeframe can be extended by tw mnths, ensuring that the individual is infrmed f the extensin and the reasning behind it within ne mnth f the receipt f the request. Where n actin is being taken in respnse t a request, the schl will, withut delay and at the latest within ne mnth, explain t the individual the reasn fr this and will infrm them f their right t cmplain t the supervisry authrity and t a judicial remedy. The Right t Object The schl will infrm individuals f their right t bject at the first pint f cmmunicatin, and this infrmatin will be utlined in the privacy ntice and explicitly brught t the attentin f the data subject, ensuring that it is presented clearly and separately frm any ther infrmatin. Individuals have the right t bject t the fllwing: Prcessing based n legitimate interests r the perfrmance f a task in the public interest Direct marketing

10 Prcessing fr purpses f scientific r histrical research and statistics. Where persnal data is prcessed fr the perfrmance f a legal task r legitimate interests: An individual s grunds fr bjecting must relate t his r her particular situatin. The schl will stp prcessing the individual s persnal data unless the prcessing is fr the establishment, exercise r defence f legal claims, r, where the schl can demnstrate cmpelling legitimate grunds fr the prcessing, which verride the interests, rights and freedms f the individual. Where persnal data is prcessed fr direct marketing purpses: The schl will stp prcessing persnal data fr direct marketing purpses as sn as an bjectin is received. The schl cannt refuse an individual s bjectin regarding data that is being prcessed fr direct marketing purpses. Where persnal data is prcessed fr research purpses: The individual must have grunds relating t their particular situatin in rder t exercise their right t bject. Where the prcessing f persnal data is necessary fr the perfrmance f a public interest task, the schl is nt required t cmply with an bjectin t the prcessing f the data. Where the prcessing activity is utlined abve, but is carried ut nline, the schl will ffer a methd fr individuals t bject nline. Autmated Decisin Making and Prfiling Individuals have the right nt t be subject t a decisin when: It is based n autmated prcessing, e.g. prfiling. It prduces a legal effect r a similarly significant effect n the individual. The schl will take steps t ensure that individuals are able t btain human interventin, express their pint f view, and btain an explanatin f the decisin and challenge it. When autmatically prcessing persnal data fr prfiling purpses, the schl will ensure that the apprpriate safeguards are in place, including: Ensuring prcessing is fair and transparent by prviding meaningful infrmatin abut the lgic invlved, as well as the significance and the predicted impact. Using apprpriate mathematical r statistical prcedures. Implementing apprpriate technical and rganisatinal measures t enable inaccuracies t be crrected and minimise the risk f errrs. Securing persnal data in a way that is prprtinate t the risk t the interests and rights f the individual and prevents discriminatry effects. Autmated decisins must nt cncern a child r be based n the prcessing f sensitive data, unless: The schl has the explicit cnsent f the individual.

11 The prcessing is necessary fr reasns f substantial public interest n the basis f Unin/Member State law. Privacy by Design and Privacy Impact Assessments The schl will act in accrdance with the GDPR by adpting a privacy by design apprach and implementing technical and rganisatinal measures which demnstrate hw the schl has cnsidered and integrated data prtectin int prcessing activities. Data prtectin impact assessments (DPIAs) will be used t identify the mst effective methd f cmplying with the schl s data prtectin bligatins and meeting individuals expectatins f privacy. DPIAs will allw the schl t identify and reslve prblems at an early stage, thus reducing assciated csts and preventing damage frm being caused t the schl s reputatin which might therwise ccur. A DPIA will be carried ut when using new technlgies r when the prcessing is likely t result in a high risk t the rights and freedms f individuals. A DPIA will be used fr mre than ne prject, where necessary. High risk prcessing includes, but is nt limited t, the fllwing: Systematic and extensive prcessing activities, such as prfiling Large scale prcessing f special categries f data r persnal data which is in relatin t criminal cnvictins r ffences The use f CCTV. The schl will ensure that all DPIAs include the fllwing infrmatin (see Appendix 1): A descriptin f the prcessing peratins and the purpses An assessment f the necessity and prprtinality f the prcessing in relatin t the purpse An utline f the risks t individuals The measures implemented in rder t address risk Where a DPIA indicates high risk data prcessing, the schl will cnsult the ICO t seek its pinin as t whether the prcessing peratin cmplies with the GDPR. Data Breaches The term persnal data breach refers t a breach f security which has led t the destructin, lss, alteratin, unauthrised disclsure f, r access t, persnal data. The Head Teacher will ensure that all staff members are made aware f, and understand, what cnstitutes a data breach as part f their CPD training. Staff must reprt any data breach r ptential breach as sn as pssible t the Data Prtectin Officer r a member f the Senir Management Team. Where a breach is likely t result in a risk t the rights and freedms f individuals, the relevant supervisry authrity will be infrmed.

12 All ntifiable breaches will be reprted t the relevant supervisry authrity within 72 hurs f the schl becming aware f it. The risk f the breach having a detrimental effect n the individual, and the need t ntify the relevant supervisry authrity, will be assessed n a case-by-case basis. In the event that a breach is likely t result in a high risk t the rights and freedms f an individual, the schl will ntify thse cncerned directly. A high risk breach means that the threshld fr ntifying the individual is higher than that fr ntifying the relevant supervisry authrity. In the event that a breach is sufficiently serius, the public will be ntified withut undue delay. Effective and rbust breach detectin, investigatin and internal reprting prcedures are in place at the schl, which facilitate decisin-making in relatin t whether the relevant supervisry authrity r the public need t be ntified. Within a breach ntificatin, the fllwing infrmatin will be utlined: The nature f the persnal data breach, including the categries and apprximate number f individuals and recrds cncerned The name and cntact details f the DPO An explanatin f the likely cnsequences f the persnal data breach A descriptin f the prpsed measures t be taken t deal with the persnal data breach Where apprpriate, a descriptin f the measures taken t mitigate any pssible adverse effects Failure t reprt a breach when required t d s may result in a fine, as well as a fine fr the breach itself. Data Security Cnfidential paper recrds will be kept in a lcked filing cabinet, drawer r safe, with restricted access. Cnfidential paper recrds will nt be left unattended r in clear view anywhere with general access. Digital data bth n a lcal hard drive and n the schl s netwrk is passwrd-prtected. The netwrk drive is backed up daily ff-site. Access t the schl s netwrk is cntrlled and access t sensitive and cnfidential data n the netwrk is restricted t nly thse members f staff wh require the infrmatin t perfrm their duties effectively. Access t the schl s management infrmatin system SIMS is passwrd-prtected and access t sensitive and cnfidential data n SIMS is restricted t nly thse members f staff wh require the infrmatin t perfrm their duties effectively. Staff are nt permitted t use remvable strage e.g. external hard drives r memry sticks t stre data. All electrnic devices are passwrd-prtected t prtect the infrmatin n the device in case f theft. Electrnic devices are kept securely when nt in use, e.g. in a lcked cabinet. Devices hlding pupil and staff phts will be regularly wiped t delete all images. Memry cards will be kept in a lcked cabinet when nt in use and will be wiped regularly.

13 Where pssible, the schl enables electrnic devices t allw the remte blcking r deletin f data in case f theft. Staff, gvernrs and student teachers, will nt use their persnal laptps r cmputers fr schl purpses. All necessary members f staff are prvided with their wn secure lgin and passwrd, and every cmputer regularly prmpts users t change their passwrd. Staff, gvernrs and student teachers must nt use persnal addresses fr sharing r viewing any schl data. Secure LGFL accunts are prvided fr all staff and gvernrs. s cntaining sensitive r cnfidential infrmatin are passwrd-prtected if there are unsecure servers between the sender and the recipient. Circular s t parents are sent blind carbn cpy (bcc), s addresses are nt disclsed t ther recipients. When sending cnfidential infrmatin by fax, staff will always check that the recipient is crrect befre sending. N persnal data r sensitive persnal data must be shared by text r n scial media e.g. Whatsapp. See als the schl s e-safety and IT Acceptable Use Plicy. Where persnal infrmatin that culd be cnsidered private r cnfidential is taken ff the premises, either in electrnic r paper frmat, staff will take extra care t fllw the same prcedures fr security, e.g. keeping devices r paperwrk under lck and key. The persn taking the infrmatin frm the schl premises accepts full respnsibility fr the security f the data. Befre sharing data, all staff members will ensure: They are allwed t share it. That adequate security is in place t prtect it. The persn r rganisatin wh will receive the data has been utlined in a privacy ntice. The persn r rganisatin wh will receive the data have cnfirmed in writing that they cmply with the GDPR and any ther relevant data prtectin legislatin. Under n circumstances are vlunteers, visitrs r unauthrised third parties allwed access t cnfidential r persnal infrmatin. Thse visiting areas f the schl cntaining sensitive infrmatin are supervised at all times. The physical security f the schl s buildings and strage systems, and access t them, is reviewed n a regular basis. If an increased risk in vandalism/burglary/theft is identified, extra measures t secure data strage will be put in place. Elmwd Infant Schl takes its duties under the GDPR seriusly and any unauthrised disclsure may result in disciplinary actin. The Office Manager is respnsible fr cntinuity and recvery measures are in place t ensure the security f prtected data. Publicatin f Infrmatin Elmwd Infant Schl has a publicatin scheme n its website (see Appendix 2) utlining classes f infrmatin that will be made rutinely available, including:

14 Plicies and prcedures Minutes f meetings Financial infrmatin, such as Pupil Premium Grant r Sprts Grant Classes f infrmatin specified in the publicatin scheme are made available quickly and easily n request. Elmwd Infant Schl will nt publish any persnal infrmatin, including phts, n its website withut the permissin f the individual. When uplading infrmatin t the schl website, staff are cnsiderate f any metadata r deletins which culd be accessed in dcuments and images n the site. CCTV and Phtgraphy The schl understands that recrding images f identifiable individuals cnstitutes prcessing persnal infrmatin, s it is dne in line with data prtectin principles. Cameras are nly placed where they d nt intrude n anyne s privacy and are necessary t fulfil their purpse. All CCTV ftage will be kept fr 30 days fr security purpses; the Office Manager is respnsible fr keeping the recrds secure and allwing access. The schl will always indicate its intentins fr taking phtgraphs f pupils and will btain permissin befre publishing them. If the schl wishes t use images/vide ftage f pupils in a publicatin, such as the schl website, prspectus, r recrdings f schl plays, written permissin will be sught fr the particular usage frm the parent f the pupil. Images captured by individuals fr recreatinal/persnal purpses, and vides made by parents fr family use, are exempt frm the GDPR. Data Retentin and String Pupil Data Data will nt be kept fr lnger than is necessary. The schl fllws the Infrmatin Cmmissiner s guidance n retentin f dcuments, including the Infrmatin and recrds Management Sciety s Retentin Guidelines fr Schl. Unrequired data will be deleted as sn as practicable. Sme educatinal recrds relating t frmer pupils r emplyees f the schl may be kept fr an extended perid fr legal reasns. Paper dcuments will be shredded r pulped, and electrnic memries scrubbed clean r destryed, nce the data shuld n lnger be retained. DBS Data All data prvided by the DBS will be handled in line with data prtectin legislatin; this includes electrnic cmmunicatin.

15 Data prvided by the DBS will never be duplicated. Any third parties wh access DBS infrmatin will be made aware f the data prtectin legislatin, as well as their respnsibilities as a data handler.

16 Appendix 1 Data Prtectin Impact Assessment Intrductin Prject name. Explain what the prject aims t achieve, and what the benefits will be t the schl, t individuals and t ther members f the schl cmmunity. Link t any ther relevant dcuments related t the prject, e.g. a prject prpsal. Describe the prcess fr the cllectin and deletin f any persnal data. Explain what infrmatin will be used used, what it is used fr and wh will have access t it. Detail hw many individuals are likely t be affected by the prject. Questin Yes N Unsure Cmments Will the prject invlve cllecting new infrmatin abut individuals? Will the prject require individuals t prvide infrmatin abut themselves? Will infrmatin abut individuals be disclsed t ther individuals r rganisatins wh have nt previusly held infrmatin abut the individual? Is any infrmatin abut individuals held fr purpses it is nt currently used fr, r in a way it is nt currently used? Will the prject invlve using a new technlgy that might be perceived as being intrusive t an individual s privacy? Will the prject result in any decisins r actins taken against individuals which may have a significant impact n them? Will any infrmatin abut individuals raise privacy cncerns, e.g. infrmatin they may wish t keep private, such as criminal infrmatin held n DBS certificates? Will the prject require yu t cntact individuals in ways that they may find intrusive?

17 Risk Assessment Ptential Risk Risk Rate H/M/L Prpsed Slutins Respnsibility Risk reduced t acceptable level Y/N Risk t individuals Risk t schl Risk t cmpliance with GDPR

18 Appendix 2: Publicatin Scheme This scheme fllws the mdel apprved by the Infrmatin Cmmissiner and sets ut the classes f infrmatin which we publish r intend t publish; the frmat in which the infrmatin will be made available and whether the infrmatin is available free f charge r n payment. 1. Classes f infrmatin Infrmatin that is available under this scheme includes: Wh we are and what we d What we spend and hw we spend it What are ur pririties are and hw we are ding Hw we make decisins Our plicies and prcedures The services we ffer Infrmatin which will nt be made available under this scheme includes: Infrmatin the disclsure f which is prevented by law, r exempt under the Freedm f Infrmatin Act, r is therwise prperly cnsidered t be prtected frm disclsure. Infrmatin in draft frm. Infrmatin that is n lnger readily available as it is cntained in files that have been placed in archive strage, r is difficult t access fr similar reasns. 2. Infrmatin available n ur website Every lcal-authrity maintained schl must publish specific infrmatin n its website t cmply with The Schl Infrmatin (England) (Amendment) Regulatins The infrmatin specified is as fllws: 1. Schl cntact details 2. Admissin arrangements 3. Ofsted reprts 4. Exam and assessment results 5. Perfrmance tables 6. Curriculum 7. Behaviur plicy 8. Schl cmplaints prcedure 9. Pupil premium 10. PE and sprt premium fr primary schls 11. Special educatinal needs (SEN) and disability infrmatin 12. Equality bjectives 13. Gvernrs infrmatin and duties 14. Charging and remissins plicies 15. Values and eths 16. Details f hw t request paper cpies f dcuments 3. Hw t request infrmatin Requested dcuments under the publicatin scheme will be delivered electrnically where pssible, but paper cpies can be prvided by cntacting the schl using the belw cntact details.

19 T enable us t prcess yur request quickly, please mark all crrespndence: FREEDOM OF INFORMATION REQUEST Dcuments can be translated under disability legislatin int accessible frmats where pssible. 4. Charges Dcuments cntained in this scheme are free t view n the schl website r single paper cpies are available free f charge t parents and prspective parents f the schl wh request them. 5. Feedback We welcme any cmments r suggestins yu may have regarding this scheme. Please cntact the schl using the belw cntact details: ffice@elmwd-inf.crydn.sch.uk