GDPR - Data Sharing Agreement
Orrets Meadow School
Information Sharing Protocol
for Outreach Services, including SENAAT.
Production Date: May 2018
Review Date: May 2019
Author: Jane Corrin
Orrets Meadow School Information Sharing Protocol
This is Orrets Meadow School’s Information Sharing protocol in relation to specialised outreach for children. The outreach service includes both the teaching service (Literacy and Numeracy) and the advice and assessment service (SENAAT). This document sets out what information can be shared and with whom. The purpose of this protocol is to make sure that good information governance practices are adhered to.
Background
Orrets Meadow School offers an outreach service to children. This service can be accessed by children from across Wirral-wide schools. With the advent of the General Data Protection Regulations (GDPR), this information sharing protocol has been drawn up. This protocol will give details relating to what information will be shared and by whom. The legal basis for the sharing of the information is the provision of outreach for special educational needs children.
Data Protection
Orrets Meadow School is registered under The Data Protection Act 1998 and the registration number is Z5752937. This registration will be mapped across to an Article 30 document when required by GDPR. The school have a named Data Protection Officer:
Jane Corrin
0151 666 4446
Personal Data
Information about children from across Wirral schools will be shared with Orrets Meadow School specifically when specialised outreach has been taken up. This information will consist of:
- Child’s Name
- Child’s Date of Birth
- School Name
- Special Educational Needs Information
- Assessment Information
- Attainment Information
- Medical information when deemed necessary
This information may be shared with Outreach Teachers, Head Teacher and Office Staff.
Appropriate Security Measures
Appropriate and secure technical and operational measures are in place to ensure the security of the information. These measures include:
- Staff are trained and aware of their responsibilities under Data Protection legislation
- Laptops follow bring your own device policy (BYOD)
- Pupil’s data and reports are stored on Google Drive, School Network or Encrypted pen
- Pupil’s reports are shared with school using secure methods; including secure internal mail, google drive, secure gmail, hand delivery or by encrypted pen drive.
Retention and Destruction
Pupil reports are deleted in line with School’s Retention & Destruction policy.
Outreach teaching – reports are kept for one term after the child exits the programme, then destroyed.
Senaat – reports are kept until the child leaves the school, then destroyed.