Right to be informed

For use in schools and Children's Services

Data protection legislation sets out what individuals have a right to be informed about when organisations, such as schools and the County Council, collect and use their personal data.

Amongst other things organisations must tell people why they collect their data, who they share it with and how long they keep it for. Providing people with this information is a key element of the principle of transparency and can also help to build trust with individuals.

Purpose of privacy notices (previously called fair processing notices)

The privacy notice is what is used to provide this information to the individual (the data subject), or their representative (such as a parent), when their information is processed.

A privacy notice is issued to individuals (staff, young people and their families) when personal and/or special category information is processed (collected, stored, used or shared) in order to meet the requirements of the General Data Protection Regulation (GDPR) and the Data Protection Act (2018).

Children's Services privacy notices

The Children’s Services Department has developed privacy notices for our various services to ensure that individuals are informed about what we are doing with their information. All of the department’s privacy notices can be accessed via the lists below, broken down by the service area they are supporting:

Children's social care services

Education and inclusion services

Access, Resources and Business Development Teams

We also document all the applicable information under Article 30(1) of the GDPR, which can be seen for children’s services through our data-mapping exercise. We also conduct regular reviews of the personal data we process and update our documentation accordingly.

For further information please contact the Children’s Services Data Protection lead by email [email protected]

For further information on how the wider County Council handles personal information, your data rights, how to raise a concern about the way we are processing your information and the contact details for the County Council’s Data Protection Officer, please see our General Privacy Notice.

Privacy notice templates

Suggested privacy notices for schools and local authorities to issue to staff, parents and pupils about the collection of data.

Schools are their own data controller in the eyes of the law. They develop their own policies and documentation to comply with the Data Protection Act. The templates support schools to develop their own privacy notices. Schools need to be aware of the information they collect and wish to share or use about staff, children and their parents outside of the normal reasons for collection, for example:

  • emailing electronic school newsletters
  • sharing contact details of parents within a class, for example help to arrange birthday parties for younger pupils
  • sharing with parent teacher groups to help arrange unofficial school events, such as discos and fundraising activities
  • sharing across the Local Children’s Partnership for more vulnerable children
  • sharing across a school consortia
  • sharing contact details for governors

There are statutory requirements for schools to exchange information about staff, parents and children, such as through:

  • school workforce census
  • pupil level censuses
  • school travel surveys, forces children census etc
  • Youth Service (was Connexions service) data exchange (in year 8)
  • information exchanged when moving between schools
  • exam entries and results

These are apart from the standard reasons mentioned in Data Protection legislation of:

  • protecting vulnerable individuals
  • the prevention and detection of crime

Schools should include copies of their privacy notices in enrolment documentation (as a minimum). This should include a link to their privacy policy at the bottom of forms that collect personal information. It is good practice to send regular reminders of privacy notices through:

  • articles in newsletters
  • school web pages
  • notices in the reception area

Many schools used to send out fair processing notices at the start of each academic year. These often linked to an annual data collection to ensure that the information held about pupils is correct. Schools can do the same with privacy notices if they wish.

At the age of 13, children are assumed, for most purposes, to have rights over their own information. They need to be aware of privacy notices and their rights to see their own record.

Schools may personalise the Example Privacy Notices to their own requirements.

The text in the outline privacy notice for parents/pupils that relates to the work of the Integrated Youth Service and the Learning Records Service is only necessary for secondary schools.

As well as the privacy notice, schools also need to ensure they meet any requirements placed on them by the GDPR about documenting their processing activities.

For more information please see the ICO’s website.