Please find attached Privacy Notices for Parents and Carers, Governors and Volunteers and School Workforce.
The purpose of a Privacy Notice Providing accessible information to individuals about the use of personal information (data) is a key element of General Data Protection Regulation (GDPR) and sets a legal framework with which education settings and local authorities must comply.
All education settings and local authorities are data controllers and data processors in their own right and, as such, they have a duty to inform pupils, staff and parents how they process the data that is within their control.
• Data controller - The organisation who (either alone or in common with other people) determine the purpose for which, and the manner in which data are processed. • Data Processor - A person or organisation who process data on behalf of and on the orders of a controller For the purposes of data protection legislation, the terms ‘process’, ‘processed’ or ‘processing’ apply to any activity involving the personal data, such as:
• collecting • storing • sharing • destroying Please note: this list is not exhaustive The most common way to provide information is through a privacy notice. The privacy notice is a document that is used to set out the data controller’s policies on how they process the data that is within their control and would be expected to meet the requirements outlined in section 2 of this guide.
For more information on privacy notices and the changes required as a result of GDPR, please see the ICO (Information Commissioners Office) website: https://ico.org.uk/fororganisations/guide-to-data-protection/privacy-notices-transparency-and-control/.