Please note: Until the implementation of GDPR settles, this page and the linked Privacy Notices are subject to change. Please check back for updates.
This page contains information about the school's arrangements for protecting personal data, and links to relevant resources including official Privacy Notices. See also the links to IT Services and Online Safety.
Data protection changes 2018 (incorporating GDPR)
GDPR is upon us, but as the ICO says: 'May 25th is a beginning, not the end'
You are probably aware by now that data protection law in the UK has changed to incorporate the EU General Data Protection Regulation (GDPR). Since the UK Data Protection Act of 1998 there have been many developments in the way information is handled, not least the impact of the internet and cloud computing. The UK government and the EU are bringing the law up to date and this will affect the way St Bede’s handles personal data relating to your child(ren) and yourselves.
Data protection is handled in the UK by the Information Commissioner’s Office (ICO), and the new regulation is being incorporated into UK law so it will continue to apply after Brexit in 2019.
Note: As guidance from the Department for Education, ICO and EU is still being published, the information shown here may change to reflect further advice as it emerges, even after May 25th. All schools, organisations and system suppliers have been working to the same deadline which may result in some changes even after GDPR begins in May, as things settle down.
How will the new regulation/law change things?
The school will publish details of the personal information processed either by itself or by 3rd party services engaged by the school.
Some aspects of the way the school handles personal data will change to ensure it is only processed where relevant and in line with the new legislation.
For some purposes the school will process personal data to comply with external authorities e.g. the Department for Education, or to deliver the school’s duties as a public authority (educating students). For other purposes, the school will seek consent from parents or students to process their personal data. More information will be provided in the updated official privacy notices.
The school will also implement updated procedures for finding out what personal data is being held by the school about your child(ren) or yourselves, and how to report a data breach should you think personal data has not been used in accordance with the privacy notice.
What is personal data?
Information (electronic or paper) relating to an identifiable individual e.g. student or parent. St Bede’s controls and processes personal data about students and parents in order to fulfil its function as a school in terms of learning, teaching and administration.
What is a privacy notice?
The school handles personal data for several different groups of people, and for different purposes. For each group (listed below) the relevant privacy notice contains the following:
- What information we collect and hold
- Why we process this data
- The lawful basis for processing this data
- With whom we share the data, and why
- The rights of the individuals whose data we process
- How to raise a concern or complaint (and contact details)
We are publishing privacy notices for the following groups of individuals (to be found at the foot of the page):
- Pupils [separate versions for parents and pupils] - both published
- Parents - published
- Employees - published
- Governors and volunteers *
- Job applicants - published
- Sports Members of the school gym - published
- Community Tea invitees *
* = in preparation or awaiting approval
We also answer some common questions below:
Can I find out what personal information the school holds?
Members of the school community are entitled to see the personal data held in school systems about themselves. Parent/Guardians may also request to see their child’s personal data, subject to the child’s consent (above year 8). There is generally no fee for this service (exceptions may apply if requests are frequent or excessive).
Requests can be made via the contact form on this website or by email, phone or letter. Requests made via the website contact form generate an email and will be processed as such.
To provide the information we need some details in order to establish what you require. Given the size of school and volumes of data involved, a blanket request for ‘everything’ about someone may be considered disproportionate or excessive and therefore unable to be fulfilled. If extracting your personal data discloses personal data about other individuals, this may also affect our ability to fulfil the request.
- If you have supplied an email address then an electronic form will be sent so we can establish the specific details you require.
- If you have telephoned or sent a letter without providing an email address then a paper form will be sent by post. A form will be supplied directly if requesting in person (after showing photo ID).
Before your request can be processed we will need to confirm your identity and that you are entitled to the information you have asked for; please bring photo ID if you make a request in person. If you are a parent or guardian requesting information about your son or daughter and they are in year 9 or above then their consent is required under the GDPR (if possible, we will establish that in school).
Once the form has been received and we have confirmed your entitlement to the data, the formal Subject Access Request process will begin and you should receive a response within 1 month.
Please note: As the School has limited staff resources outside of term time, we encourage pupils/parents/carers to submit Subject Access Requests during term time and to avoid sending a request during periods when the School is closed or is about to close for the holidays where possible. This will assist us in responding to your request as promptly as possible.
What if I have a concern or complaint about the school's handling of personal data?
Technology, practice and procedure are continually evolving and for known shortcomings plans are in place to fulfil the requirements of the GDPR. In the meantime if you have any concerns or are aware of any areas falling below expectation then in the first place please contact the school’s data protection officer, via the contact page on this website (choose Data Protection enquiry under the recipient field). More details are in the privacy notices.
If you think school related personal data can or has been found in the wrong place, again in the first instance please contact the school’s data protection officer who will instigate an investigation.
How can I find out more?
If you have any questions please choose ‘Data Protection Enquiry’ on the website contacts page. Alternatively, there is detailed information on the Information Commissioner’s website https://ico.org.uk.
|Privacy Notice 2018 v1.0 - employees||15th Jun 2018||Download|
|Privacy Notice 2018 v1.0 - parents (themselves)||15th Jun 2018||Download|
|Privacy Notice 2018 v1.0 - pupil version||25th May 2018||Download|
|Privacy notice 2018 v1.1 - Job Applicants||24th May 2018||Download|
|Privacy Notice 2018 v1.1 - sports members||24th May 2018||Download|
|Privacy Notice 2018 v1.2 - parents re: pupils||24th May 2018||Download|