Scoil Chaitríona Naíonáin Data Protection Policy

Scoil Chaitríona Naíonáin

Measc Avenue

Coolock

Dublin 5

Introduction

This Data Protection Policy applies to the personal data held by Scoil Chaitríona Naíonáin which is protected by the Data Protection Acts 1988 to 2018 and the EU General Data Protection Regulation (GDPR).

The policy applies to all school staff, the Board of Management, parents/guardians, students and others (including prospective or potential students and their parents/guardians and applicants for staff positions within the school) insofar as the measures under this Policy relate to them. Data will be stored securely, so that confidential information is protected in compliance with relevant legislation. This policy sets out the manner in which personal data and sensitive personal data will be protected by the school.

Scoil Chaitríona Naíonáin operates a “Privacy by Design” method in relation to Data Protection. This means we plan carefully when gathering personal data so that we build in the data protection principles as integral elements of all data operations in advance. We audit the personal data we hold in order to

  1. be able to provide access to individuals to their data
  2. ensure it is held securely
  3. document our data protection procedures
  4. enhance accountability and transparency

 

Data Protection Principles

The school is a data controller of personal data relating to its past, present and future staff, students, parents/guardians and other members of the school community. As such, the school is obliged to comply with the principles of data protection set out in the Data Protection Acts 1988 to 2003 and GDPR, which can be summarised as follows:

  • Obtain and process Personal Data fairly: Information on students is gathered with the help of parents/guardians and staff. Information is also transferred from their previous schools. The information will be obtained and processed fairly.

 

  • Consent: Where consent is the basis for provision of personal data, (e.g. data required to partake in individual and class photographs/sponsored walks/ school tours or any other optional school activity) the consent must be a freely-given, specific, informed and unambiguous indication of the data subject’s wishes. Scoil Chaitríona Naíonáin will require a clear, affirmative action e.g. ticking of a box/signing a document or completing a consent form on Aladdin to indicate consent. Consent can be withdrawn by data subjects in these situations.

 

  • Keep it only for one or more specified and explicit lawful purposes: The School will inform individuals of the reasons they collect their data and will inform individuals of the uses to which their data will be put.

 

  • Process it only in ways compatible with the purposes for which it was given initially: Data relating to individuals will only be processed in a manner consistent with the purposes for which it was gathered. Information will only be disclosed on a need to know basis, and access to it will be strictly controlled.

 

  • Keep Personal Data safe and secure: Only those with a genuine reason for doing so may gain access to the information. Sensitive or ‘Special Categories’ of Personal Data is securely stored under lock and key in the case of manual records and protected with password protection in the case of electronically stored data. Portable devices storing personal data (such as laptops) should be encrypted and password protected before they are removed from the school premises. Confidential information will be stored securely and in relevant circumstances, it will be placed in a separate file which can easily be removed if access to general records is granted to anyone not entitled to see the confidential data.

 

  • Keep Personal Data accurate, complete and up-to-date: Students, parents/guardians, and/or staff should inform the school of any change which the school should make to their personal data and/or sensitive personal data to ensure that the individual’s data is accurate, complete and up-to-date.

 

  • Ensure that it is adequate, relevant and not excessive: Only the necessary amount of information required to provide an adequate service will be gathered and stored.

 

  • Retain it no longer than is necessary for the specified purpose or purposes for which it was given: As a general rule, the information will be kept for the duration of the individual’s time in the school. Thereafter, the school will comply with DES guidelines on the storage of Personal Data and Sensitive Personal Data relating to a student. In the case of members of staff, the school will comply with both DES guidelines and the requirements of the Revenue Commissioners with regard to the retention of records relating to employees.  The school may also retain the data relating to an individual for a longer length of time for the purposes of complying with relevant provisions of law and or/defending a claim under employment legislation and/or contract and/or civil law.

 

  • Provide a copy of their personal data to any individual, on request: Individuals have a right to know what personal data/sensitive personal data is held about them, by whom, and the purpose for which it is held.

 

Scope

Purpose of the Policy: The Data Protection Acts 1988 and 2003 and the EU General Data Protection Regulation (GDPR) apply to the keeping and processing of Personal Data, both in manual and electronic form. The purpose of this policy is to assist the school to meet its statutory obligations, to explain those obligations to School staff, and to inform staff, students and their parents/guardians how their data will be treated.

The policy applies to all school staff, the board of management, parents/guardians, students and others (including prospective or potential students and their parents/guardians, and applicants for staff positions within the school) insofar as the school handles or processes their Personal Data in the course of their dealings with the school.

 

Definition of Data Protection Terms

In order to properly understand the school’s obligations, there are some key terms, which should be understood by all relevant school staff:

  • Data means information in a form that can be processed. It includes both automated data (e.g. electronic data) and manual data. Automated data means any information on computer, or information recorded with the intention that it be processed by computer. Manual data means information that is kept/recorded as part of a relevant filing system or with the intention that it form part of a relevant filing system.

 

  • Data Controller for the purpose of this policy is the Board of Management of Scoil Chaitríona Naíonáin.

 

  • Data Subjectis an individual who is the subject of personal data

 

 

  • Personal Data means any data relating to an identified or identifiable natural person i.e. a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the Data Controller (BoM).

 

  • Special categories of Personal Data refers to Personal Data regarding a person’s

 

  • racial or ethnic origin
  • political opinions or religious or philosophical beliefs
  • physical or mental health
  • sexual life and sexual orientation
  • genetic and biometric data
  • criminal convictions or the alleged commission of an offence
  • trade union membership

 

 

  • Data Processing – performing any operation or set of operations on data, including:
  • Obtaining, recording or keeping the data,
  • Collecting, organising, storing, altering or adapting the data
  • Retrieving, consulting or using the data
  • Disclosing the data by transmitting, disseminating or otherwise making it available
  • Aligning, combining, blocking, erasing or destroying the data

 

  • Data Processor – a person who processes personal information on behalf of a data controller, but does not include an employee of a data controller who processes such data in the course of their employment, for example, this might mean an employee of an organisation to which the data controller out-sources work. The Data Protection legislation places responsibilities on such entities in relation to their processing of the data. The Data Processors used in Scoil Chaitríona Naíonáin are Aladdin, Seesaw; OLCS, POD, School accounting/wages processors;]

 

Special Categories of Personal Data refers to Personal Data regarding a person’s

  • Racial or ethnic origin.
  • Political opinions or religious or philosophical beliefs.
  • Physical or mental health.
  • Sexual life and sexual orientation.
  • Genetic and biometric data.
  • Criminal convictions or the alleged commission of an offence.
  • Trade union membership.

 

  • Personal Data Breacha breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data transmitted, stored or otherwise processed. This means any compromise or loss of personal data, no matter how or where it occurs.

 

Rationale

In addition to its legal obligations under the broad remit of educational legislation, Scoil Chaitríona Naíonáin has a legal responsibility to comply with the Data Protection Acts 1988 to 2018 and the GDPR.

 

This policy explains what sort of data is collected, why it is collected, for how long it will be stored and with whom it will be shared.  As more and more data is generated electronically and as technological advances enable the easy distribution and retention of this data, the challenge of meeting the school’s legal responsibilities has increased.

The school takes its responsibilities under data protection law very seriously and wishes to put in place safe practices to safeguard individual’s personal data. It is also recognised that recording factual information accurately and storing it safely facilitates an evaluation of the information, enabling the Principal and Board of Management to make decisions in respect of the efficient running of the School. The efficient handling of data is also essential to ensure that there is consistency and continuity where there are changes of personnel within the school and Board of Management.

 

Other Legal Obligations

Implementation of this policy takes into account the school’s other legal obligations and responsibilities. Some of these are directly relevant to data protection. For example:

 

  • Under Section 9(g) of the Education Act, 1998, the parents of a student, or a student who has reached the age of 18 years, must be given access to records kept by the school relating to the progress of the student in their education

 

 

  • Under Section 20(5) of the Education (Welfare) Act, 2000, a Principal is obliged to notify certain information relating to the child’s attendance in school and other matters relating to the child’s educational progress to the Principal of another school to which a student is transferring.

 

  • Where reports on pupils which have been completed by professionals, apart from Scoil Chaitríona Naoínáin staff, are included in current pupil files, such reports are only passed to the Senior Primary school following express written permission having been sought and received from the parents of the said pupils.

 

 

  • Under Section 21 of the Education (Welfare) Act, 2000, the school must record the attendance or non-attendance of students registered at the school on each school day.

 

  • Under Section 28 of the Education (Welfare) Act, 2000, the School may supply Personal Data kept by it to certain prescribed bodies (the Department of Education and Skills, Tusla, the National Council for Special Education and other schools). The BoM must be satisfied that it will be used for a ‘relevant purpose’ (which includes recording a person’s educational or training history or monitoring their educational or training progress; or for carrying out research into examinations, participation in education and the general effectiveness of education or training)

 

  • Under Section 14 of the Education for Persons with Special Educational Needs Act, 2004, the school is required to furnish to the National Council for Special Education (and its employees, which would include Special Educational Needs Organisers) such information as the Council may from time to time reasonably request.

 

  • The Freedom of Information Act 2014 provides a qualified right to access to information held by public bodies which does not necessarily have to be “personal data”, as with data protection legislation. While most schools are not currently subject to freedom of information legislation, (with the exception of schools under the direction of Education and Training Boards), if a school has furnished information to a body covered by the Freedom of Information Act (such as the Department of Education and Skills, etc.) these records could be disclosed by that body if a request is made to that body.

 

  • Under Section 26(4) of the Health Act, 1947 a School shall cause all reasonable facilities (including facilities for obtaining names and addresses of pupils attending the school) to be given to a health authority who has served a notice on it of medical inspection, e.g. a dental inspection.

 

  • Under Children First Act 2015, mandated persons in schools have responsibilities to report child welfare concerns to TUSLA- Child and Family Agency (or in the event of an emergency and the unavailability of TUSLA, to An Garda Síochána)

 

Relationship to characteristic spirit of  Scoil Chaitríona Naoínáin’s  mission/vision/aims

Scoil Chaitríona Naoínáin seeks to

  • enable each student to develop their full potential
  • provide a safe and secure environment for learning
  • promote respect for the diversity of values, beliefs, traditions, languages and ways of life in society.

We aim to achieve these goals while respecting the privacy and data protection rights of students, staff, parents/guardians and others who interact with us. The school wishes to achieve these aims/missions while fully respecting individuals’ rights to privacy and rights under the Data Protection Acts and GDPR.

 

Personal Data

The Personal Data records held by the school may include:

 

1.        Staff records:

 

  1. Categories of staff data:

As well as existing members of staff (and former members of staff), these records may also relate to applicants applying for positions within the school, trainee teachers and teachers under probation. These staff records may include:

  • Name, address and contact details, PPS number.
  • Name and contact details of next-of-kin in case of emergency.
  • Original records of application and appointment to promotion posts
  • Details of approved absences (career breaks, parental leave, study leave, etc.)
  • Details of work record (qualifications, classes taught, subjects, etc.)
  • Details of any accidents/injuries sustained on school property or in connection with the staff member carrying out their school duties
  • Records of any reports the school (or its employees) have made in respect of the staff member to State departments and/or other agencies under Children First Act 2015.

 

  1. Purposes:

Staff records are kept for the purposes of:

  • the management and administration of school business (now and in the future)
  • to facilitate the payment of staff, and calculate other benefits/entitlements (including reckonable service for the purpose of calculation of pension payments, entitlements and/or redundancy payments where relevant)
  • to facilitate pension payments in the future
  • human resources management
  • recording promotions made (documentation relating to promotions applied for) and changes in responsibilities, etc.
  • to enable the school to comply with its obligations as an employer, including the preservation of a safe, efficient working and teaching environment (including complying with its responsibilities under the Safety, Health and Welfare at Work Act 2005)
  • to enable the school to comply with requirements set down by the Department of Education and Skills, the Revenue Commissioners, the National Council for Special Education, TUSLA, the HSE, and any other governmental, statutory and/or regulatory departments and/or agencies
  • and for compliance with legislation relevant to the school.

 

  1. Location and Security procedures of Scoil Chaitríona Naíonáin:
    1. Manual records are kept in a secure, strong room only accessible to personnel who are authorised to use the data. Employees are required to maintain the confidentiality of any data to which they have access.
    2. Digital records are stored on password-protected computer with adequate encryption and firewall software in a locked office. The school has the burglar alarm activated during out-of-school hours.

 

2.        Student records:

 

  1. Categories of student data:

These may include:

  • Information which may be sought and recorded at enrolment and may be collated and compiled during the course of the student’s time in the school. These records may include:
    • name, address and contact details, PPS number
    • date and place of birth
    • names and addresses of parents/guardians and their contact details (including any special arrangements with regard to guardianship, custody or access)
    • religious belief
    • racial or ethnic origin
    • membership of the Traveller community, where relevant
    • whether they (or their parents) are medical card holders
    • whether English is the student’s first language and/or whether the student requires English language support
    • any relevant special conditions (e.g. special educational needs, health issues, ) which may apply
  • Information on previous academic record (including reports, references, assessments and other records from any previous school(s) attended by the student
  • Psychological, psychiatric and/or medical assessments
  • Attendance records
  • Photographs and recorded images of students (including at school events and noting achievements) are managed in line with the accompanying policy on acceptable ‘Internet Acceptable Use Policy.’
  • Academic record – examination results as recorded on official School reports
  • Records of significant achievements
  • Records of disciplinary issues/investigations and/or sanctions imposed
  • Other records e.g. records of any serious injuries/accidents, etc. (Parents are informed when a particular incident has been recorded).
  • Records of any reports the school (or its employees) have made in respect of the student to State Departments and/or other agencies under Children First Act 2015.

 

  1. Purposes: The purposes for keeping student records include:
  • to enable each student to develop to his/her full potential
  • to comply with legislative or administrative requirements
  • to ensure that eligible students can benefit from the relevant additional teaching or financial supports
  • to support the provision of religious instruction
  • to enable parents/guardians to be contacted in the case of emergency or in the case of school closure, or to inform parents of their child’s educational progress or to inform parents of school events, etc.
  • to meet the educational, social, physical and emotional requirements of the student .
  • photographs and recorded images of students are taken to celebrate school achievements, e.g. establish a school website, record school events, and to keep a record of the history of the school. Such records are taken and used in accordance with the Internet Acceptable Use Policy.’
  • to ensure that the student meets the school’s admission criteria
  • to ensure that students meet the minimum age requirement for attendance at Primary School.
  • to furnish documentation/information about the student to the Department of Education and Skills, the National Council for Special Education, TUSLA, and other schools, etc. in compliance with law and directions issued by government departments
  • to furnish, when requested by the student (or their parents/guardians in the case of a student under 18 years) documentation/information/references to second-level educational institutions.

 

  1. (Location and Security procedures as above):

 

3.        Board of Management records:

 

  1. Categories of Board of Management data:
  • Name, address and contact details of each member of the Board of Management (including former members of the Board of Management)
  • Records in relation to appointments to the Board
  • Minutes of Board of Management meetings and correspondence to the Board which may include references to individuals.

 

  1. Purposes:

To enable the Board of Management to operate in accordance with the Education Act 1998 and other applicable legislation and to maintain a record of Board appointments and decisions.

 

  1. (Location and Security procedures as above):

 

4.        Other Records: Creditors

  1. Categories of Board of Management data:

The school may hold some or all of the following information about creditors (some of whom are self-employed individuals):

  • name
  • address
  • contact details
  • PPS number
  • tax details
  • bank details and
  • amount paid

 

  1. Purposes: The purposes for keeping creditor records are:

This information is required for routine management and administration of the school’s financial affairs, including the payment of invoices, the compiling of annual financial accounts and complying with audits and investigations by the Revenue Commissioners.

  1. (Location and Security procedures as above):

 

 

5.        Other Records: Charity Tax-back Forms

  1. Categories of Board of Management data:

The school may hold the following data in relation to donors who have made charitable donations to the school:

  • name
  • address
  • telephone number
  • PPS number
  • tax rate
  • signature and
  • the gross amount of the donation.

 

  1. Purposes: The purposes for keeping creditor records are:

Schools are entitled to avail of the scheme of tax relief for donations of money they receive. To claim the relief, the donor must complete a certificate (CHY2) and forward it to the school to allow it to claim the grossed up amount of tax associated with the donation. The information requested on the appropriate certificate is the parents’ name, address, PPS number, tax rate, telephone number, signature and the gross amount of the donation. This is retained by the School in the event of audit by the Revenue Commissioners.

  1. (Location and Security procedures as above):

 

 

CCTV images/ recordings

CCTV is installed in Scoil Chaitríona Naíonáin.

  • cameras are installed externally e.g. at the main entrance and the perimeter walls.

These CCTV systems may record images of staff, students and members of the public who visit the premises.

The viewing station is in the main school administration office.

 

Purposes:

Safety and security of staff, students and visitors and to safeguard school property and equipment.

 

Security:

Access to images/recordings is restricted to the Principal and Deputy Principal of the school.  Recordings are retained for 28 days, except if required for the investigation of an incident. Images/recordings may be viewed or made available to An Garda Síochána pursuant to Data Protection Acts legislation.

 

 

Examination Results

The school will hold data comprising examination results in respect of its students.  These include class, mid-term, annual and continuous assessment results and the results of Standardised Tests

 

Purposes:

The main purpose for which these examination results are held is to monitor a student’s progress and to provide a sound basis for advising them and their parents or guardian about educational attainment levels and recommendations for the future. The data may also be aggregated for statistical/reporting purposes, such as to compile results tables.  The data may be transferred to the Department of Education and Skills, the National Council for Curriculum and Assessment and other schools to which pupils move.

 

Location and Security procedures

As above

 

Links to other polices and to curriculum delivery

Our school policies need to be consistent with one another, within the framework of the overall School Plan. Relevant school policies already in place or being developed or reviewed, shall be examined with reference to the Data Protection Policy and any implications which it has for them shall be addressed.

 

The following policies may be among those considered:

  • Child Protection Procedures
  • Anti-Bullying Procedures
  • Code of Behaviour
  • Enrolment Policy
  • ICT Acceptable Usage Policy
  • Assessment Policy
  • Special Educational Needs Policy
  • Critical Incident Policy
  • Attendance Policy
  • Whistleblower Policy
  • Protected Disclosures
  • Substance Use Policy
  • Health and Safety Policy
  • Covid 19 Response Plan

 

Processing in line with Data Subject’s Rights

Data in this Scoil Chaitríona Naíonáin will be processed in line with the data subject’s rights.

Data subjects have a right to:

  • Know what personal data the school is keeping on them
  • Request access to any data held about them by a data controller
  • Prevent the processing of their data for direct-marketing purposes
  • Ask to have inaccurate data amended
  • Ask to have data erased once it is no longer necessary or irrelevant.

Data Processors

Where the school outsources to a data processor off-site, it is required by law to have a written contract in place (Written Third party service agreement).

Scoil Chaitríona Naíonáin third party agreement specifies the conditions under which the data may be processed, the security conditions attaching to the processing of the data and that the data must be deleted or returned upon completion or termination of the contract.

 

Personal Data Breaches

All incidents in which personal data has been put at risk must be reported to the Office of the Data Protection Commissioner within 72 hours.

When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the BoM must communicate the personal data breach to the data subject without undue delay.

If a data processor becomes aware of a personal data breach, it must bring this to the attention of the data controller (BoM) without undue delay.

 

 

Dealing with a data access request

  • Individuals are entitled to a copy of their personal data on written request

 

  • The individual is entitled to a copy of their personal data

 

  • Request must be responded to within one month. An extension may be required e.g. over holiday periods.

 

  • No fee may be charged except in exceptional circumstances where the requests are repetitive or manifestly unfounded or excessive.

 

  • No personal data can be supplied relating to another individual apart from the data subject.

 

Providing information over the phone

An employee dealing with telephone enquiries should be careful about disclosing any personal information held by the school over the phone. In particular, the employee should:

 

  • Ask that the caller put their request in writing
  • Refer the request to the Principal for assistance in difficult situations
  • Not feel forced into disclosing personal information

 

 

 

 

 

 

 

 

Implementation Arrangements, Roles and Responsibilities

The BoM is the data controller and the Principal implements the Data Protection Policy, ensuring that staff who handle or have access to Personal Data are familiar with their data protection responsibilities

 

The following personnel have responsibility for implementing the Data Protection Policy:

Name                                      Responsibility

Board of Management:           Data Controller

Principal:                                 Implementation of Policy

 

Ratification and Communication

Ratified at the BoM meeting 15th June 2021 and signed by Chairperson. Secretary recorded the ratification in the Minutes of the meeting

 

Monitoring the Implementation of the Policy

The implementation of the policy shall be monitored by the Principal, staff and the Board of Management.

 

Reviewing and Evaluating the Policy

The policy will be reviewed and evaluated after 2 years. On-going review and evaluation will take cognisance of changing information or guidelines (e.g. from the Data Protection Commissioner, Department of Education and Skills or TUSLA), legislation and feedback from parents/guardians, students, school staff and others. The policy will be revised as necessary in the light of such review and evaluation and within the framework of school planning.

 

 

Signed: …………………………………………………….

For and behalf of Board of Management

 

 

Date: Ratified ……………………………………

 

 

 

Appendix (1) Additional Data Protection Schedule for Scoil Chaitríona Naíonáin

Section 1 Data and the School Office

Data Collected Legal basis/Purpose Storage/ Access
Aladdin Aladdin is the school’s official digital depository. A GDPR compliant data processing agreement with Aladdin has been signed and is available on request.

 

Family Directory Form The data here is submitted on an annual basis to the school for the purposes of safety re dropping to school and collecting from school, access to children by parents and nominated-others, and updates parents permissions for various school protocols and medical-updates.

 

This data must be retained

for the full duration of the

child’s life in the school. It is

stored in a locked filing

cabinet in the locked office.

The data is properly

disposed of when the child moves onto another school.

Teacher/Employee Data The school holds teachers, SNA and all employee data on the Aladdin, DES’s OLCS system and in hardcopy-files. The data collected refers to contact details/ records of leave, records of contracts, records of teaching/employment-history and are all necessary for the governance of the school in keeping with BOM governance protocols.

 

The Aladdin and OLCS systems are password protected. The hardcopy files are kept in locked cabinet in locked office. Records of contracts are kept for the duration of the teacher’s employment and a further 7 years beyond that.

 

 

Section 2: Data and Principal

OLCS System The Principal is an authorised approver of all data held on the DES’s OLCS system.

 

This access is specifically passworded for Principal and Deputy Principal as approvers, and for the secretary only as data-inputter.

 

 

Section 3: Data and Parents

Data Collected Rationale/ Purpose Storage / Access
Parent Teacher Association.

 

The Parent Teacher Association may collect, on a voluntary basis, the names, addresses and contact details of volunteer members exclusively.

 

The Chairperson and Secretary of the PTA are to ensure that access to this databases/hardcopy is available only to the PTA and used exclusively for the purpose of PTA activity and no-other purpose.

 

 

Section 4: Data and Teachers/SNAs (Some classroom/SEN rooms have a secure lockable cabinet for the purposes of storing sensitive data and if not this sensitive data is kept under lock and key in the principal’s office)

Teachers and Aladdin Teachers may record, exclusively, Pupil progress report card, roll-call for attendance, relevant medical information, standardised test scores and end of year school reports on Aladdin.

 

Teachers should ensure not to divulge their Aladdin password to any other person, and passwords should not be stored by default on the class computer. Aladdin should be closed down when not in use, and when the room is unoccupied.

 

Teachers and Seesaw Teachers may provide school and homework on Seesaw, correct pupil’s work and communicate class and school notices with parents. Teacher may upload photographs and videos of individual and class progress having received consent from parents.

 

Teachers should ensure not to divulge their Seesaw password to any other person, and passwords should not be stored by default on the class computer. Seesaw should be closed down when not in use, and when the room is unoccupied.

 

Teacher Generated Documents

 

Any documentation generated by a teacher, or shared to the teacher by a parent, that refers to issues of medical nature, assessment reports, care/child-protection concern , school attendance should be kept on the child’s file in a locked filing cabinet.

 

Kept indefinitely by school principal.

 

Teachers and Class notes Throughout the year the teacher may keep a journal of incidents, reflections and observations as an aide memoire. Pseudonyms or Initials should be used when referring to a child. Should any of these memoires warrant any further attention under the school’s child-safeguarding, antibullying or discipline procedure these matters should be brought to the Principal’s attention who will then keep a formal record. See related policies and procedures
School Website The school’s website has a Privacy Statement. No personal data for any person/child in the school community ever to be shared or posted on the school website.

 

Data and the Board of Management

Data Collected Rationale/Purpose Storage / Access
The BOM hold responsibility for the governance of the school’s GDPR.    
BOM Documents The BOM documents are stored securely. Hard copies of the minutes are stored in a locked cabinet in a locked room The principal stores the BOM minutes in the locked filing cabinet in the locked office. Older minutes are stored in a locked room. These minutes are kept indefinitely.

 

BOM Confidentiality All BOM members are obliged to observe confidentiality about matters discussed at BOM, and any document distributed as part of BOM discussions should be returned at the end of the meeting and shredded. One copy of all BOM documents will be stored securely.

 

 
Staff Training The BOM authorise the principal to direct all staff to conduct training and briefings on this GDPR on an initial and ongoing basis, and breaches of the GDPR will be dealt with under the school’s Complaint and Grievance procedure.

 

 
Financial Records The financial records of the school are also to be treated as confidential and should only be disclosed to the school’s authorised accountant.

 

The school’s financial records are stored in the locked office and annual financial reports to be stored indefinitely.

 

Special Needs Assistants SNAs may keep a journal for recording of incidents, observations and reflections but these entries are understood as aide memoires. Any important or ongoing concern as recorded in this aide memoire should be brought to the principal for formal discussion and recording. The SNAs journal should be stored securely and handed to the Principal at the end of the school year and stored securely and indefinitely.

 

Formal records on school templates and NCSE templates recorded by the SNA should be handed to the school Principal for storing and archiving. These records are kept indefinitely.

 

 

 

 

 

Data and Other Agencies

Tusla and Tusla authorised services, Gardai, Revenue Commissioners Sepratment of Socila Protection, Applications on foot of court order.

 

The school will comply fully with all requests from these statutory agencies.

 

Family solicitors Requests for school data from a family solicitor, whether via a parent, or independently delivered to the school, will be dealt with on a case by case and may involve legal advice or consultation with the National Data Protection Office.

 

HSE and Private Health Professionals Any data requested by a Health Professional can only be released with the explicit permission by the child’s parent. The school keeps a record of any such data that has been shared and is kept by the Principal in the child’s file in a locked cabinet in a secure location.

 

Community Organisations Community organisation are not permitted to collect data from children on their visits to the school, nor will the school facilitate the sharing of any such data.

 

Created by Logo Design Ireland