GDPR support for School Information Assets: Data Audit/Log

Please read important notes and comments

Last updated:
Data Protection Officer (DPO):
By:
Data Controller:
Data Processor:

Options for dropdown menus - edit this list to change dropdown - caution needed if entries already made

| Data label | Purpose | Legal basis for collection A * | Legal basis for collection B * |
|---|---|---|---|
| Public data | Access to system(s) | Not needed - not personal data | Not needed - not a special category |
| Personal* Data | Business Continuity / communication | Explicit consent | Explicit consent |
| Personal* / Financial Data | Teaching and Learning /statutory returns | Needed for a contract | Employment/social security/protection law |
| Special Categories of Personal Data* | Safeguarding / Child Protection | Legal obligation | Vital interests where consent impossible |
| | Safeguarding / Security | Protect vital interests | Political/philosophical/religious/TU organisation aim |
| | Sound financial management | Public task | Personal data manifestly made public by subject |
| | | | For establishment, exercise/defence of legal claims |
| | | | Substantial public interest |
| | | | Preventive or occupational medicine |
| | | | Public health in public interest |
| | | | Archiving in public interest for scientific/historical research/statistical purposes |

| Data held or collected by the school | Data label * | Information Asset Owner | Who has role / access to enter information | Where is the data kept? | Purpose | Who do we share with? | Legal basis for collection A* (IMPORTANT - you must be aware of this basis) | Legal basis for collection B* (IMPORTANT - you must be aware of this basis) | If Consent selected in previous column, when is it sought? | If Consent, where is record of consent stored? | How long is data item kept / used for?* |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Information assets | | (Add your named person) | Enter specific names for dedicated role holders | Enter as appropriate (below are examples ONLY) | Choose from drop down / change as appropriate | Enter as appropriate - examples are below | Select from dropdown only for any data items that are Personal Data or Special Categories | This column is only needed for items under 'Special Categories', for which it must be completed | E.g. when a student joins the roll / annually, etc. | This might be online or offline but will also be secure and include time/date collected | Enter as appropriate (below are examples ONLY)* |
| Pupil data (within MIS) | | | | | | | | | | | |
| Pupil records | Special Categories of Personal Data* | | SAO/office administrators | In MIS system | Teaching and Learning /statutory returns | DE | Public task | Substantial public interest | | | Until child is 25 years old |
| Welfare / Safeguarding / Child Protection data | Special Categories of Personal Data* | | Head / named child protection officer | In a locked filing cabinet in a secure room | Teaching and Learning /statutory returns | EA | Public task | Substantial public interest | | | DOB + 25 years |
| SEN | Special Categories of Personal Data* | | SENCO/SAO / class teachers / Deputy | In a locked filing cabinet in a non-secure room | Teaching and Learning /statutory returns | Parents | Public task | Substantial public interest | | | DOB + 25 years |
| EAL | Special Categories of Personal Data* | | EAL Lead / administrator | Staff laptop | Teaching and Learning /statutory returns | EA | Public task | Substantial public interest | | | part of pupil record / Until child 25 years old |
| Exclusion, behaviour | Special Categories of Personal Data* | | Class teacher / Pastoral tutor / Headteacher | School network drive | Teaching and Learning /statutory returns | Social Services | Public task | Substantial public interest | | | part of pupil record |
| Reports | Special Categories of Personal Data* | | Class teacher / Pastoral tutor / Headteacher | Cloud storage | Teaching and Learning /statutory returns | Health Agencies | Public task | Substantial public interest | | | part of pupil record |
| Examination results / Statutory Assessments | Special Categories of Personal Data* | | Teachers / Exams Officer/Head of Dept. | Encrypted, password protected USB drive | Teaching and Learning /statutory returns | Police | Public task | Substantial public interest | | | Current year + 6 years |
| Exams bodies exports | Personal* Data | | Teachers / Exams Officer/Head of Dept. | In MIS system | Teaching and Learning /statutory returns | Awarding Bodies | Needed for a contract | | | | |
| Exams exports for Fischer Family Trust System (FFT) | Personal* Data | | Teachers / Exams Officer/Head of Dept. | In MIS system | Teaching and Learning /statutory returns | Awarding Bodies | Needed for a contract | | | | |
| Attendance registers | Personal* Data | | Class teachers / office administrators | | Safeguarding / Child Protection | Named Third Parties | Public task | | | | Date of entry + 3 years |
| Student photos | Special Categories of Personal Data* | | SAO/office administrators / class teachers | | Safeguarding / Child Protection | | | | | | retained on pupil record |
| Pupil Admissions | Special Categories of Personal Data* | | SAO/office administrators | In MIS system | Teaching and Learning /statutory returns | | Public task | Substantial public interest | | | |
| Other Admission data | Personal* Data | | | | | | | | | | |
| Staff data (within MIS) | | | | | | | | | | | |
| Staff Personnel File | Special Categories of Personal Data* | | SAO/office administrators | | Teaching and learning /statutory returns | | | | | | Termination of employment + 6 years |
| Performance / CPD data | Personal* Data | | SAO/Bursar / Deputy | | Teaching and learning /statutory returns | | | | | | part of personnel file |
| Staff absence data | Special Categories of Personal Data* | | SAO/ Deputy | | Business Continuity / communication | | | | | | part of personnel file |
| Staff photos | Special Categories of Personal Data* | | SAO/office administrators | | Business Continuity / communication | | | | | | part of personnel file |
| Employment Data | Special Categories of Personal Data* | | SAO/office administrators | | Teaching and learning /statutory returns | | | | | | |
| Other Personnel Data | | | | | | | | | | | |
| Recruitment records for new headteacher | Special Categories of Personal Data* | | SAO / Recruitment Panel | | Business Continuity / communication | | | | | | Date of recruitment + 6 years |
| Recruitment of new staff | Special Categories of Personal Data* | | SAO / Recruitment Panel | | Business Continuity / communication | | | | | | Date of recruitment of successful candidate + 6 months |
| DBS / vetting checks | Special Categories of Personal Data* | | Head / SAO | | Business Continuity / communication | | | | | | Note of proof on personal file / physical copies > 6 months |
| Appraisal / CPD data | Special Categories of Personal Data* | | SAO/Bursar / Deputy | | Teaching and learning /statutory returns | | | | | | Current year + 5 years |
| Disciplinary and grievance records | Special Categories of Personal Data* | | Head / SLT / Panel | | Safeguarding / Security | | | | | | Date of warning + 6-18 months / take advice |
| Allegation of a child protection matter | Special Categories of Personal Data* | | Head / Panel | | Safeguarding / Child Protection | | | | | | Until retirement (or 10 years from allegation if longer) / take advice |
| Malicious allegation of a child protection matter | Special Categories of Personal Data* | | Head / Panel | | Safeguarding / Child Protection | | | | | | Dispose at end of case / take advice |
| Health and safety assessments | Public data | | H&S lead / teachers | | Safeguarding / Security | | | | | | Date of meeting + 3 years, then review |
| Health and safety accident reports | Special Categories of Personal Data* | | H&S lead / Head / site manager | | Safeguarding / Security | | | | | | take advice as depends on nature of event |
| Admissions papers (successful or unsuccessful) | Personal* Data | | Head / SLT | | Teaching and Learning /statutory returns | | | | | | Date of admissions or case resolution + 1 year |
| Student medical records and reports | Special Categories of Personal Data** | | Nurse / SLT / class teacher | | Safeguarding / Child Protection | | | | | | DOB + 25 years |
| Student social service records and reports | Special Categories of Personal Data** | | SS staff / SLT / class teacher | | Safeguarding / Child Protection | | | | | | DOB + 25 years |
| Financial matters | | | | | | | | | | | |
| Annual accounts | Personal* / Financial Data | | SAO/Bursar | | Sound financial management | | | | | | Current year + 6 years |
| Purchase Orders, Invoices, Payments | Personal* / Financial Data | | Head / Deputy | | Sound financial management | | | | | | Current year + 6 years |
| Records around budget management | Personal* / Financial Data | | Site manager / Bursar / SAO? | | Sound financial management | | | | | | Current year + 3 years |
| Asset management | Personal* / Financial Data | | Site manager / Bursar / SAO? | | Sound financial management | | | | | | Current year + 6 years |
| School Fund | Personal* / Financial Data | | Bursar / Head / SAO | | Sound financial management | | | | | | Current year + 6 years |
| MIS Reports | Personal* / Financial Data | | Bursar / Head / SAO | | | | | | | | |
| FSM* - free school meals registers | Personal* / Financial Data | | Bursar / Head / SAO | | Sound financial management | | | | | | Current year + 6 years |
| School meals registers | Personal* / Financial Data | | Bursar / Head / SAO | | Sound financial management | | | | | | Current year + 3 years |
| Records relating to school lettings | Personal* / Financial Data | | Bursar / Head / SAO | | Sound financial management | | | | | | Current year + 6 years |
| Records relating to school maintenance | Personal* / Financial Data | | Bursar / Head / SAO | | Sound financial management | | | | | | Current year + 6 years |
| Access control / passwords* into systems | | | | | | | | | | | |
| Authorise data access / Nominated Contacts | Personal* Data | | Head | | Access to system(s) | | | | | | Until changes in personnel or in-line with password policy |
| Network administration / password lists | Personal* Data | | Network Manager / Support Provider | | Access to system(s) | | | | | | Until changes in personnel or in-line with password policy |
| Email management | Personal* Data | | C2k Manager | | Access to system(s) | | | | | | Until changes in personnel or in-line with password policy |
| Web filtering management - Websense | Personal* Data | | C2k Manager | | Access to system(s) | | | | | | Until changes in personnel or in-line with password policy |
| School website administration | Personal* Data | | Designated staff? | | Access to system(s) | | | | | | Until changes in personnel or in-line with password policy |
| Social media platforms, e.g. Twitter | Personal* Data | | Designated staff? | | Access to system(s) | | | | | | Until changes in personnel or in-line with password policy |
| Learning Platform password information | Personal* Data | | C2k Manager MLE Key teacher | | Access to system(s) | | | | | | Until changes in personnel or in-line with password policy |
| Securus - Online safeguarding software | Personal* Data | | C2k Manager | | Access to system(s) | | | | | | |
| Communications | | | | | | | | | | | |
| Information added to website | Unrestricted (public) | | Designated website administrators | | Business Continuity / communication | | | | | | Until changes in personnel or in-line with password policy |
| Information added to social media | Unrestricted (public) | | Designated social media administrators | | Business Continuity / communication | | | | | | Until changes in personnel or in-line with password policy |
| Learning Platform content | Unrestricted (public) | | Designated LP lead and deputy | | Teaching and Learning /statutory returns | | | | | | Until changes in personnel or in-line with password policy |
| Parental messaging system correspondence | Unrestricted (public) | | Head / Deputy / SAO | | Business Continuity / communication | | | | | | Date of correspondence + 3 years |
| Back-up media (where on site) | Special Categories of Personal Data* | | SAO / Network manager / technician | | Business Continuity / communication | | | | | | Daily back-ups with back-ups up to one year |
| Back-up media in Cloud | Special Categories of Personal Data* | | EA / Network manager / technician | | Business Continuity / communication | | | | | | Check Cloud providers' retention and deletion criteria |
| Emergency mobile phone loaded with data | Special Categories of Personal Data* | | Head / Deputy / SAO | | Business Continuity / communication | | | | | | Whilst staff in school and numbers valid |
| Governors | | | | | | | | | | | |
| Governors' documents with sensitive content | Special Categories of Personal Data* | | Head / SAO / Chair / SLT | | Business Continuity / communication | | | | | | Date of meeting + 10 years |
| Governors' standard published meeting documents | Unrestricted (public) | | Head / SAO / Chair / SLT | | Business Continuity / communication | | | | | | Date of meeting + 6 years |
| Reports presented to Governors meeting | Special Categories of Personal Data* | | Head / SAO / Chair / SLT | | Business Continuity / communication | | | | | | Date of meeting + 6 years |
| Annual governors reports | Unrestricted (public) | | Head / SAO / Chair / SLT | | Business Continuity / communication | | | | | | Date of meeting + 10 years |
| Annual parents’ meeting papers | Unrestricted (public) | | Head / SAO / Chair / SLT | | Business Continuity / communication | | | | | | Date of meeting + 6 years |
| Policies and plans administered by Governing body | Unrestricted (public) | | Head / SLT / specialist teachers | | Business Continuity / communication | | | | | | Life of policy + 3 years |
| Other T&L potentially sensitive material (list not exhaustive) | | | | | | | | | | | |
| Student photos* (not required for pupil record) | Personal* Data | | Class teachers | | Teaching and learning /statutory returns | | | | | | Relevant life of the photo / annual house-keeping |
| Staff photos* (not required for Personnel record) | Personal* Data | | SAO/office administrators / staff | | Business Continuity / communication | | | | | | Relevant life of the photo / annual house-keeping |
| Early Years assessments (not in core MIS) | Special Categories of Personal Data* | | EYFS teachers | | Teaching and learning /statutory returns | | | | | | Current year + 6 years |
| Student reports (not in core MIS) | Special Categories of Personal Data* | | Class teachers | | Teaching and Learning /statutory returns | | | | | | Current year + 6 years |
| Student assessments (not in core MIS) | Special Categories of Personal Data* | | Class teachers | | Teaching and Learning /statutory returns | | | | | | Current year + 6 years |
| Third Party comparative performance data | Unrestricted (public) | | Head / SLT /Governors | | Teaching and Learning /statutory returns | | | | | | Current year + 6 years |
| Other operational potentially sensitive material (list not exhaustive) | | | | | | | | | | | |
| CCTV saved footage | Special Categories of Personal Data* | | Third Party support / SLT? | | Safeguarding / Security | | | | | | 90 days |
| Visitor signing-in book / management system | Special Categories of Personal Data* | | Office staff / Third Party support? | | Safeguarding / Security | | | | | | Current year + 6 years / review |
| Biometric system - registration | Special Categories of Personal Data* | | Students / Third Party support? | | Safeguarding / Security | | | | | | Date of entry + 3 years |
| Biometric system - other | Special Categories of Personal Data* | | Students / Third Party support? | | | | | | | | |