A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z | |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
1 | GDPR support for School Information Assets: Data Audit/Log | |||||||||||||||||||||||||
2 | ||||||||||||||||||||||||||
3 | Please read important notes and comments | Options for dropdown menus - edit this list to change dropdown - caution needed if entries already made | ||||||||||||||||||||||||
4 | ||||||||||||||||||||||||||
5 | Last updated: | Data label | Purpose | Legal basis for collection A * | Legal basis for collection B * | |||||||||||||||||||||
6 | Data Protection Officer (DPO): | By: | Public data | Access to system(s) | Not needed - not personal data | Not needed - not a special category | ||||||||||||||||||||
7 | Data Controller: | Personal* Data | Business Continuity / communication | Explicit consent | Explicit consent | |||||||||||||||||||||
8 | Data Processor: | Personal* / Financial Data | Teaching and Learning /statutory returns | Needed for a contract | Employment/social security/protection law | |||||||||||||||||||||
9 | Special Categories of Personal Data* | Legal obligation | Vital interests where consent impossible | |||||||||||||||||||||||
10 | Data held or collected by the school | Data label * | Information Asset Owner | Who has role / access to enter information | Where is the data kept? | Purpose | Who do we share with? | Legal basis for collection A* (IMPORTANT - you must be aware of this basis) | Legal basis for collection B* (IMPORTANT - you must be aware of this basis) | If Consent selected in previous column, when is it sought? | If Consent, where is record of consent stored? | How long is data item kept / used for?* | Safeguarding / Child Protection | Protect vital interests | Political/philosophical/religious/TU organisation aim | |||||||||||
11 | Information assets | (Add your named person) | Enter specific names for dedicated role holders | Enter as appropriate (below are examples ONLY) | Choose from drop down / change as appropriate | Enter as appropriate - examples are below | Select from dropdown only for any data items that are Personal Data or Special Categories | This column is only needed for items under 'Special Categories', for which it must be completed | E.g. when a student joins the roll / annually, etc. | This might be online or offline but will also be secure and include time/date collected | Enter as appropriate (below are examples ONLY)* | Safeguarding / Security | Public task | Personal data manifestly made public by subject | ||||||||||||
12 | Pupil data (within MIS) | Sound financial management | For establishment, exercise/defence of legal claims | |||||||||||||||||||||||
13 | Pupil records | Special Categories of Personal Data* | SAO/office administrators | In MIS system | Teaching and Learning /statutory returns | DE | Public task | Substantial public interest | Until child is 25 years old | Substantial public interest | ||||||||||||||||
14 | Welfare / Safeguarding / Child Protection data | Special Categories of Personal Data* | Head / named child protection officer | In a locked filing cabinet in a secure room | Teaching and Learning /statutory returns | EA | Public task | Substantial public interest | DOB + 25 years | Preventive or occupational medicine | ||||||||||||||||
15 | SEN | Special Categories of Personal Data* | SENCO/SAO / class teachers / Deputy | In a locked filing cabinet in a non-secure room | Teaching and Learning /statutory returns | Parents | Public task | Substantial public interest | DOB + 25 years | Public health in public interest | ||||||||||||||||
16 | EAL | Special Categories of Personal Data* | EAL Lead / administrator | Staff laptop | Teaching and Learning /statutory returns | EA | Public task | Substantial public interest | part of pupil record | Until child 25 years old | Archiving in public interest for scientific/historical research/statistical purposes | |||||||||||||||
17 | Exclusion, behaviour | Special Categories of Personal Data* | Class teacher / Pastoral tutor / Headteacher | School network drive | Teaching and Learning /statutory returns | Social Services | Public task | Substantial public interest | part of pupil record | |||||||||||||||||
18 | Reports | Special Categories of Personal Data* | Class teacher / Pastoral tutor / Headteacher | Cloud storage | Teaching and Learning /statutory returns | Health Agencies | Public task | Substantial public interest | part of pupil record | |||||||||||||||||
19 | Examination results / Statutory Assessments | Special Categories of Personal Data* | Teachers / Exams Officer/Head of Dept. | Encrypted, password protected USB drive | Teaching and Learning /statutory returns | Police | Public task | Substantial public interest | Current year + 6 years | |||||||||||||||||
20 | Exams bodies exports | Personal* Data | Teachers / Exams Officer/Head of Dept. | In MIS system | Teaching and Learning /statutory returns | Awarding Bodies | Needed for a contract | |||||||||||||||||||
21 | Exams exports for Fischer Family Trust System (FFT) | Personal* Data | Teachers / Exams Officer/Head of Dept. | In MIS system | Teaching and Learning /statutory returns | Awarding Bodies | Needed for a contract | |||||||||||||||||||
22 | Attendance registers | Personal* Data | Class teachers / office administrators | Safeguarding / Child Protection | Named Third Parties | Public task | Date of entry + 3 years | |||||||||||||||||||
23 | Student photos | Special Categories of Personal Data* | SAO/office administrators / class teachers | Safeguarding / Child Protection | retained on pupil record | |||||||||||||||||||||
24 | Pupil Admissions | Special Categories of Personal Data* | SAO/office administrators | In MIS system | Teaching and Learning /statutory returns | Public task | Substantial public interest | |||||||||||||||||||
25 | Other Admission data | Personal* Data | ||||||||||||||||||||||||
26 | Staff data (within MIS) | |||||||||||||||||||||||||
27 | Staff Personnel File | Special Categories of Personal Data* | SAO/office administrators | Teaching and learning /statutory returns | Termination of employment + 6 years | |||||||||||||||||||||
28 | Performance / CPD data | Personal* Data | SAO/Bursar / Deputy | Teaching and learning /statutory returns | part of personnel file | |||||||||||||||||||||
29 | Staff absence data | Special Categories of Personal Data* | SAO/ Deputy | Business Continuity / communication | part of personnel file | |||||||||||||||||||||
30 | Staff photos | Special Categories of Personal Data* | SAO/office administrators | Business Continuity / communication | part of personnel file | |||||||||||||||||||||
31 | Employment Data | Special Categories of Personal Data* | SAO/office administrators | Teaching and learning /statutory returns | ||||||||||||||||||||||
32 | Other Personnel Data | |||||||||||||||||||||||||
33 | Recruitment records for new headteacher | Special Categories of Personal Data* | SAO / Recruitment Panel | Business Continuity / communication | Date of recruitment + 6 years | |||||||||||||||||||||
34 | Recruitment of new staff | Special Categories of Personal Data* | SAO / Recruitment Panel | Business Continuity / communication | Date of recruitment of successful candidate + 6 months | |||||||||||||||||||||
35 | DBS / vetting checks | Special Categories of Personal Data* | Head / SAO | Business Continuity / communication | Note of proof on personal file / physical copies > 6 months | |||||||||||||||||||||
36 | Appraisal / CPD data | Special Categories of Personal Data* | SAO/Bursar / Deputy | Teaching and learning /statutory returns | Current year + 5 years | |||||||||||||||||||||
37 | Disciplinary and grievance records | Special Categories of Personal Data* | Head / SLT / Panel | Safeguarding / Security | Date of warning + 6-18 months / take advice | |||||||||||||||||||||
38 | Allegation of a child protection matter | Special Categories of Personal Data* | Head / Panel | Safeguarding / Child Protection | Until retirement (or 10 years from allegation if longer) / take advice | |||||||||||||||||||||
39 | Malicious allegation of a child protection matter | Special Categories of Personal Data* | Head / Panel | Safeguarding / Child Protection | Dispose at end of case / take advice | |||||||||||||||||||||
40 | Health and safety assessments | Public data | H&S lead / teachers | Safeguarding / Security | Date of meeting + 3 years, then review | |||||||||||||||||||||
41 | Health and safety accident reports | Special Categories of Personal Data* | H&S lead / Head / site manager | Safeguarding / Security | take advice as depends on nature of event | |||||||||||||||||||||
42 | Admissions papers (successful or unsuccessful) | Personal* Data | Head / SLT | Teaching and Learning /statutory returns | Date of admissions or case resolution + 1 year | |||||||||||||||||||||
43 | ||||||||||||||||||||||||||
44 | Student medical records and reports | Special Categories of Personal Data** | Nurse / SLT / class teacher | Safeguarding / Child Protection | DOB + 25 years | |||||||||||||||||||||
45 | Student social service records and reports | Special Categories of Personal Data** | SS staff / SLT / class teacher | Safeguarding / Child Protection | DOB + 25 years | |||||||||||||||||||||
46 | ||||||||||||||||||||||||||
47 | ||||||||||||||||||||||||||
48 | Financial matters | |||||||||||||||||||||||||
49 | Annual accounts | Personal* / Financial Data | SAO/Bursar | Sound financial management | Current year + 6 years | |||||||||||||||||||||
50 | Purchase Orders, Invoices, Payments | Personal* / Financial Data | Head / Deputy | Sound financial management | Current year + 6 years | |||||||||||||||||||||
51 | Records around budget management | Personal* / Financial Data | Site manager / Bursar / SAO? | Sound financial management | Current year + 3 years | |||||||||||||||||||||
52 | Asset management | Personal* / Financial Data | Site manager / Bursar / SAO? | Sound financial management | Current year + 6 years | |||||||||||||||||||||
53 | School Fund | Personal* / Financial Data | Bursar / Head / SAO | Sound financial management | Current year + 6 years | |||||||||||||||||||||
54 | MIS Reports | Personal* / Financial Data | Bursar / Head / SAO | |||||||||||||||||||||||
55 | FSM* - free school meals registers | Personal* / Financial Data | Bursar / Head / SAO | Sound financial management | Current year + 6 years | |||||||||||||||||||||
56 | School meals registers | Personal* / Financial Data | Bursar / Head / SAO | Sound financial management | Current year + 3 years | |||||||||||||||||||||
57 | Records relating to school lettings | Personal* / Financial Data | Bursar / Head / SAO | Sound financial management | Current year + 6 years | |||||||||||||||||||||
58 | Records relating to school maintenance | Personal* / Financial Data | Bursar / Head / SAO | Sound financial management | Current year + 6 years | |||||||||||||||||||||
59 | ||||||||||||||||||||||||||
60 | Access control / passwords* into systems | |||||||||||||||||||||||||
61 | Authorise data access / Nominated Contacts | Personal* Data | Head | Access to system(s) | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
62 | Network administration / password lists | Personal* Data | Network Manager / Support Provider | Access to system(s) | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
63 | Email management | Personal* Data | C2k Manager | Access to system(s) | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
64 | Web filtering management - Websense | Personal* Data | C2k Manager | Access to system(s) | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
65 | School website administration | Personal* Data | Designated staff? | Access to system(s) | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
66 | Social media platforms, e.g. Twitter | Personal* Data | Designated staff? | Access to system(s) | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
67 | Learning Platform password information | Personal* Data | C2k Manager MLE Key teacher | Access to system(s) | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
68 | Securus - Online safeguarding software | Personal* Data | C2k Manager | Access to system(s) | ||||||||||||||||||||||
69 | ||||||||||||||||||||||||||
70 | Communications | |||||||||||||||||||||||||
71 | Information added to website | Unrestricted (public) | Designated website administrators | Business Continuity / communication | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
72 | Information added to social media | Unrestricted (public) | Designated social media administrators | Business Continuity / communication | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
73 | Learning Platform content | Unrestricted (public) | Designated LP lead and deputy | Teaching and Learning /statutory returns | Until changes in personnel or in-line with password policy | |||||||||||||||||||||
74 | Parental messaging system correspondence | Unrestricted (public) | Head / Deputy / SAO | Business Continuity / communication | Date of correspondence + 3 years | |||||||||||||||||||||
75 | Back-up media (where on site) | Special Categories of Personal Data* | SAO / Network manager / technician | Business Continuity / communication | Daily back-ups with back-ups up to one year | |||||||||||||||||||||
76 | Back-up media in Cloud | Special Categories of Personal Data* | EA / Network manager / technician | Business Continuity / communication | Check Cloud providers' retention and deletion criteria | |||||||||||||||||||||
77 | Emergency mobile phone loaded with data | Special Categories of Personal Data* | Head / Deputy / SAO | Business Continuity / communication | Whilst staff in school and numbers valid | |||||||||||||||||||||
78 | ||||||||||||||||||||||||||
79 | Governors | |||||||||||||||||||||||||
80 | Governors' documents with sensitive content | Special Categories of Personal Data* | Head / SAO / Chair / SLT | Business Continuity / communication | Date of meeting + 10 years | |||||||||||||||||||||
81 | Governors' standard published meeting documents | Unrestricted (public) | Head / SAO / Chair / SLT | Business Continuity / communication | Date of meeting + 6 years | |||||||||||||||||||||
82 | Reports presented to Governors meeting | Special Categories of Personal Data* | Head / SAO / Chair / SLT | Business Continuity / communication | Date of meeting + 6 years | |||||||||||||||||||||
83 | Annual governors reports | Unrestricted (public) | Head / SAO / Chair / SLT | Business Continuity / communication | Date of meeting + 10 years | |||||||||||||||||||||
84 | Annual parents’ meeting papers | Unrestricted (public) | Head / SAO / Chair / SLT | Business Continuity / communication | Date of meeting + 6 years | |||||||||||||||||||||
85 | Policies and plans administered by Governing body | Unrestricted (public) | Head / SLT / specialist teachers | Business Continuity / communication | Life of policy + 3 years | |||||||||||||||||||||
86 | ||||||||||||||||||||||||||
87 | Other T&L potentially sensitive material (list not exhaustive) | |||||||||||||||||||||||||
88 | Student photos* (not required for pupil record) | Personal* Data | Class teachers | Teaching and learning /statutory returns | Relevant life of the photo / annual house-keeping | |||||||||||||||||||||
89 | Staff photos* (not required for Personnel record) | Personal* Data | SAO/office administrators / staff | Business Continuity / communication | Relevant life of the photo / annual house-keeping | |||||||||||||||||||||
90 | Early Years assessments (not in core MIS) | Special Categories of Personal Data* | EYFS teachers | Teaching and learning /statutory returns | Current year + 6 years | |||||||||||||||||||||
91 | Student reports (not in core MIS) | Special Categories of Personal Data* | Class teachers | Teaching and Learning /statutory returns | Current year + 6 years | |||||||||||||||||||||
92 | Student assessments (not in core MIS) | Special Categories of Personal Data* | Class teachers | Teaching and Learning /statutory returns | Current year + 6 years | |||||||||||||||||||||
93 | Third Party comparative performance data | Unrestricted (public) | Head / SLT /Governors | Teaching and Learning /statutory returns | Current year + 6 years | |||||||||||||||||||||
94 | ||||||||||||||||||||||||||
95 | ||||||||||||||||||||||||||
96 | Other operational potentially sensitive material (list not exhaustive) | |||||||||||||||||||||||||
97 | CCTV saved footage | Special Categories of Personal Data* | Third Party support / SLT? | Safeguarding / Security | 90 days | |||||||||||||||||||||
98 | Visitor signing-in book / management system | Special Categories of Personal Data* | Office staff / Third Party support? | Safeguarding / Security | Current year + 6 years / review | |||||||||||||||||||||
99 | Biometric system - registration | Special Categories of Personal Data* | Students / Third Party support? | Safeguarding / Security | Date of entry + 3 years | |||||||||||||||||||||
100 | Biometric system - other | Special Categories of Personal Data* | Students / Third Party support? |