Sharing personal data
Who you can share personal data with and what consent you need to get 바카라 사이트 for example, when publishing exam results, taking photos in school and for immunisation programmes.
To keep children and young people safe in school, you need to share information appropriately, so the correct decisions can be made to protect them.
You must have a compelling reason to share their personal data. Sharing children바카라 사이트s data with third parties can expose them to unintended risks if not done properly. You should carry out a to assess any risk before sharing personal information about your pupils.
The Information Commissioner바카라 사이트s Office website includes . Any data you share must comply with their .
To keep children safe and make sure they get the support they need, you can share information with other schools and children바카라 사이트s social care teams. It바카라 사이트s not usually necessary to ask for consent to share personal information for the purposes of safeguarding a child.
Your designated safeguarding lead will decide if personal data needs to be shared. They should make sure they record:
- who they바카라 사이트re sharing that information with
- why they바카라 사이트re sharing the data
- whether they have consent from the pupil, parent or carer
Read working together to safeguard children to find out more information about sharing a pupil바카라 사이트s safeguarding file. You should also refer to the safeguarding section of keeping children safe in education.
Occasionally, you may need to share personal information about your pupils with local authorities, other schools or children바카라 사이트s services. For example:
- if a pupil shows signs of physical or mental abuse, you may need to pass this information on to children바카라 사이트s services
- another school may need to know which pupils will be at their sports day or on a joint school trip
Sharing information can help provide appropriate services that safeguard and promote the welfare of children. The Data Protection Act 2018 and UK GDPR provides a framework to make sure that personal information is shared appropriately.
Before you share any data, you must:
- consider all the legal implications
- check if you need permission to share the data
- confirm who needs the data, what data is needed and what they바카라 사이트ll use it for
- make sure that you have the ability to share the specified data securely
- check that the actions cannot be completed or verified without the data
You also have a statutory requirement to share personal data about your pupils with DfE through the school census. You do not need to get consent from pupils, parents or carers to share this data with us. You should provide information about what data you share in your school바카라 사이트s privacy notice. Privacy notice model documents suggest wording to explain to staff, parents, carers and pupils what data you바카라 사이트re collecting and sharing.
Schools may also need to share personal data about their staff with the local authority.
If a pupil moves to another school, you should transfer their records to the new school. This includes the pupil바카라 사이트s common transfer file and educational record. You must:
- make sure you transfer the data securely
- transfer the record within 15 days of getting confirmation the pupil is registered at another school
- be able to trace the record during the transfer
To securely share and transfer pupil records, you could:
- use the school to school (S2S) system
- send them to a named person using an encrypted email
- ask your local authority to transfer them
- deliver any paper records in person or ask the new school to collect them
If you바카라 사이트re organising a school trip with another school, you바카라 사이트ll need to share data with them to confirm which pupils are going. You may also need to share details such as dietary requirements or medical information to make sure pupils are safe. Where you already have consent for the information, make sure this also covers sharing it.
Before sharing any personal data, you need to identify the lawful basis. This may be consent from the individual. There may be some circumstances where it may not be appropriate to ask for consent, however. For example:
- if the individual cannot give consent
- it바카라 사이트s not reasonable to ask for consent
- when there바카라 사이트s a safeguarding concern
You바카라 사이트ll usually need to get the pupil바카라 사이트s consent to share their data if they바카라 사이트re aged 13 or over. If they바카라 사이트re under 13, you must get consent from whomever holds parental responsibility for the child.
Guidance on understanding and dealing with issues relating to parental responsibility is also available. The Information Commissioner바카라 사이트s Office has guidance to help you understand a .
How to get consent
You can get consent in different ways. It must be clear that the individual agrees to share their personal data and understands what they바카라 사이트re agreeing to. Do not use pre-ticked boxes or add disclaimers that state that, by not responding, they are agreeing to share their data. You should keep a record of:
- the consent
- when you got the consent
- how you got the consent 바카라 사이트 for example, keeping the letter you sent to parents or carers
When getting consent, you need to explain:
- what personal information you바카라 사이트re sharing
- why you바카라 사이트re sharing it
- who you바카라 사이트re sharing it with and what they바카라 사이트ll use it for
- how you바카라 사이트ll share their information
- the process for withdrawing consent
Any letters you send to parents or carers that ask for a reply slip that includes personal data should have a data protection statement. This could mean linking to a privacy notice or including information within the letter.
If you바카라 사이트re asking for consent from a pupil aged 13 or over, you must write your request so they can understand it and are clear about what they바카라 사이트re agreeing to.
Download an .
Case study: ensuring data subjects have their rights respected when using biometric data
If you use pupils바카라 사이트 biometric data as part of an automated biometric recognition system, such as using fingerprints to receive school meals instead of paying with cash, you must comply with the requirements of the Protection of Freedoms Act 2012.
That means following these steps.
-
In accordance with the child바카라 사이트s age or capacity, get written consent from at least one parent or carer before you take and process any biometric data from their child. See the section on consent over age of 13.
-
Provide an alternative means to access the relevant services for any pupil from whom you do not have consent. For example, pupils must be able to pay for school meals using cash at each transaction, if they wish.
-
Delete any relevant data already captured, if a parent or carer withdraws their consent.
If a pupil does not want their biometric data processed, you must not process it even if their parent or carer has given consent. This is required by law.
You also need to get consent from any staff members using the school바카라 사이트s biometric system. Staff can withdraw their consent at any time and you must then delete any relevant data already captured.
Guidance is available on protecting children바카라 사이트s biometric information in school.
Photos are used in school for many different reasons. You바카라 사이트ll need to identify the lawful basis for each different use of a photograph.
You should have a clear photo policy published alongside your privacy notice and provide copies of both to parents and carers.
You may be able to use photos in printed materials such as a prospectus or marketing materials under the . However, you need to provide pupils, parents or carers with an opportunity to object before you go to print.
You must get consent to share photos on your school바카라 사이트s social media channels or elsewhere online.
If you바카라 사이트re using a photo of a pupil, do not include their name unless you have specific consent to do so.
You should only use a photo in line with the consent provided. When you바카라 사이트re asking for consent, you should make it clear for how long you바카라 사이트ll use the photograph.
Photos used in identity management systems may be essential for performing the public task of the school, but you should delete them once a child is no longer a pupil at your school.
The Information Commissioner바카라 사이트s Office provides further guidance on .
Download an . This includes a section on taking and using photos of pupils in school.
UK GDPR does not stop schools from publishing exam results online or in the local press.
You do not need to get consent from pupils, parents or carers to publish exam results. However, you should tell pupils where and how their results will be published before they바카라 사이트re published. This gives them an opportunity to ask you to remove their results from the list should they wish to.
The Information Commissioner바카라 사이트s Office has more information about .
You will need to provide data to support immunisation programmes in your school. This includes:
- sharing information leaflets and consent forms with parents or carers
- providing a list of eligible children and young people, and their parent바카라 사이트s or carer바카라 사이트s contact details to the School Age Immunisation Service (SAIS) team
Sharing these contact details does not mean that a vaccine will be given. A parent or carer will need to give their consent for a vaccine to be given to their child.
There is a lawful basis for you to share information with school immunisation teams under article 6(1)(e) of UK GDPR. This states that the information can be shared if 바카라 사이트processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller 바카라 사이트.
This means that the school can share this information with immunisation programmes as it is in the public interest.
Sharing information with immunisation programmes is part of the exercise of a school바카라 사이트s official authority. Schools also have a duty to support wider public health.
Data protection laws do not prevent you from sharing personal data where it is appropriate to do so in a fair and lawful way, and in this instance it is beneficial to do so.