Data Protection Policy
SEND Supported LLP needs to keep information about the pupils and individuals it works with in order to be able to effectively identify their needs and provide the best advice it can, regarding appropriate support and next steps.
Data Protection law will change on 25th May 2018 when the new General Data Protection Regulations (GDPR) come into force. This data protection policy ensures SEND Supported LLP:
- Complies with data protection law and follows good practice
- Protects the rights of clients and staff
- Is open about how it stores and processes individuals’ data
- Protects itself from the risks of a data breach
SEND Supported LLP is committed to the protection of all personal and special category data, for which it holds responsibility as the Data Controller, and for the secure processing of such data in line with the principles set out in the General Data Protection Regulations. Further changes to data protection legislation shall be monitored and implemented in order to remain compliant with all requirements.
As a Data Controller, SEND Supported is registered with the Information Commissioner’s Office (ICO). Employees of SEND Supported are required to abide by the principles and procedures set out in the policy. The Data Protection Officers are Clair Cole and Leonie Berry who will oversee this policy and ensure employees are fully aware of their responsibilities.
SEND Supported LLP will ensure that personal information is:
- Processed fairly and lawfully
- Obtained only for specified, lawful purposes
- Adequate, relevant and not excessive
- Accurate and kept up to date
- Not to be held for any longer than necessary
- Processed in accordance with the rights of data subjects
- Protected in appropriate ways
- Not to be transferred outside the European Economic Area (EEA), unless that country or territory also ensures an adequate level of protection.
SEND Supported recognises the rights given to individuals in the GDPR:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.
In line with the above principles, SEND Supported will provide a privacy notice to all individuals before collecting personal data about them. In the case of children, the privacy notice will be provided to the parent although it will be considered on a case by case basis for older children, as to whether they have an understanding of the information and processes. If this is apparent, a privacy notice will be provided for them.
The privacy notice sets out why we are collecting personal data, how long it will be held for and who we intend to share it with. It also states the lawful bases for collecting the data. Our privacy notices will be clear, with easy to understand language, and will be regularly reviewed and updated as necessary. If we intend to use an individual’s personal data in a new way, we will inform them prior to this happening.
Everyone who works for or with SEND Supported LLP has some responsibility for ensuring that data is processed appropriately and in line with this policy.
SEND Supported LLP partners are ultimately responsible for ensuring that SEND Supported LLP meets its legal obligations and for:
- Ensuring all systems, services and equipment used for storing data meet acceptable security standards.
The SEND Supported LLP data protection officers are responsible for:
- Keeping the partners updated about data protection responsibilities, risks and issues.
- Reviewing all data protection procedures and related policies, in line with an agreed schedule.
- Arranging data protection training and advice for the people covered by this policy.
- Handling data protection questions from staff and anyone else covered by this policy.
- Dealing with requests from individuals to see the data SEND Supported LLP holds about them (also called subject access requests)
- Checking and approving any contracts or agreements with third parties that may handle SEND Supported LLP’s sensitive data
GUIDELINES FOR PARTNERS AND EMPLOYEES
- The only people able to access data covered by this policy should be those who need it for their work
- Data should not be shared informally
- SEND Supported LLP will provide ongoing training to all employees to help them understand their responsibilities when handling data
- Employees should keep all data secure, by taking sensible precautions and following the guidelines below
- In particular, strong passwords must be used and they should never be shared
- Personal data should not be disclosed to unauthorised people, either within the company or externally.
- Data should be regularly reviewed and updated if it is found to be out of date. If no longer required, it should be deleted and disposed of
- Employees should request help from their line manager or the data protection officer if they are unsure about any aspect of data protection
Data stored on paper:
- Should not be left where unauthorised people could see it, for example like on a printer.
- Will be kept in a secure place where unauthorised people cannot see it ie in a locked drawer or filing cabinet.
- Must be securely shredded and disposed of when no longer required or otherwise passed back to schools.
Data stored electronically must be protected from unauthorised access, accidental deletion and malicious hacking attempts:
- All SEND Supported laptops are encrypted and password protected by strong passwords that are changed regularly and never shared between employees.
- Data will be stored on laptops for the shortest time possible.
- No data is stored on removable media such as a USB.
- Data is regularly uploaded to SEND Supported LLP’s Office 365 cloud service which is password protected and only accessed from encrypted laptops.
- Data is backed up frequently.
- All laptops containing data should be protected by approved security software and a firewall.
- When working with personal data employees should ensure the screens of their computers are always locked when left unattended.
- Data will be encrypted before being transferred electronically.
- Data will be held in as few places as possible.
- Staff will endeavour to keep data accurate and up to date.
- Individuals can contact SEND Supported LLP’s data protection officers to have their personal information updated.
FOR FURTHER INFORMATION
- You have the right to request your personal data from SEND Supported.
- You have the right to request that we erase personal information we hold on your child.
- You have the right to ask us for copies of your personal information in a commonly used format and you can ask us to send the data to other organisations.
- You have the right to ask us to restrict the use of your personal information.
For all of the above, please contact SEND Supported’s Data Protection Officers (Clair Cole and Leonie Berry firstname.lastname@example.org or email@example.com). We will respond as soon as possible and, at the latest, within 28 days. If you wish to raise a complaint about the way we have handled your personal information, you can contact Clair Cole and Leonie Berry who will investigate the matter. If you are not happy with the response, you may take your complaint to the Information Commissioner’s Office (ICO).