By this statement Rainbow Primary School is seeking to inform employees, pupils, parents, business partners and suppliers of its commitment to good data protection practice and its ongoing GDPR compliance.
The EU General Data Protection Regulation (GDPR) became effective on 25 May 2018. The GDPR has brought considerable changes to data protection law both in the UK and across the European Economic Area.
Rainbow Primary School has always sought to ensure compliance with data protection law. The school is in a position to confirm that it has:
The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
There are 6 key principles to the GDPR that the school is accountable for:
The school has put a variety of measures in place to ensure that all personal data is protected. These include;
There is a range of terminology that is used to refer to aspects of GDPR that schools must get used to using. Below is an overview with definitions to provide clarity over what is meant by certain types of data and the different roles involved in the handling of data.
As a school we have reviewed all of the data that we currently hold and produced a “Data Asset Register” which documents the type of data, the data processor, where the data is stored, the reason that the data is stored and any potential risks that must be considered when developing policies/procedures around data protection. Included in this process has been making contact with any data processors to ensure that they are all GDPR compliant. Below is a list of the data processors used by the school (individual links to each provider will be added once their GDPR compliance policies/statements are finalised):
SIMS (School Management Information System)
HCSS (School Budgeting Tool)
FMS (School Financial Management System)
Office Education 365 (Staff email system)
Mathletics, (Digital maths activities for children)
CPOMS (Child Protection Online Monitoring System that incidents are stored on)
Classroom Monitor (School Assessment Tracking System)
Parentmail (Communication and cashless payment system)
SAM (Staff Absence Management System)
As a school we have looked at what data we need to obtain consent for under the GDPR, so that any data we collect is appropriate. To comply with the Department for Education (DFE) and Census obligations we request on admission a range of personal information that complies with our statutory duties on the emergency contact form. When changes to any of this data occurs and we are informed, this is updated as soon as possible within our Management Information System SIMS.
For other types of data that we collect we seek consent though consent forms that provide parents with the opportunity to give or decline consent.
Consent is only accepted if it is freely given and parents/cares are entitled to withdraw consent at anytime by contacting the School office, where the request will be put in place with immediate effect.
Please follow the link to access our Policies Page, where our GDPR Policy can be found.
Rainbow Primary School, Nelson Street, Bradford, BD5 0HD
Phone: 01274 221400 Email: firstname.lastname@example.org
Our office staff taking calls are: Miss Tommis-Newberry and Mr Rauf
Arshad Javed – Acting Chief Executive Officer | Stephanie Ngenda – Head of School | Helen Whelan – SENDCO
Amjad Pervez – Chair of The Trust – Amjad.email@example.com or
by post C/O Rainbow Primary School, Nelson Street, Bradford, BD5 0HD