Policies‎ > ‎

Data Protection

This policy will help the school meet its aims in the following ways.

Woodlawn School is a community
  • in which all partners include, involve and inform each other. 
  • This policy will ensure that this aim is met in a way which ensures that information about the school and its work is available freely to those who have the right to it and who may benefit from this. It also ensures that information which should be kept confidential remains so. 
  • that actively develops parental partnerships for the benefit of the pupils 
  • This policy sets out the rights that parents have access to the school’s information about their child. that values communication and provides the time and opportunity to make it effective. 
  • This policy looks positively at the way information is shared to ensure that effective, legal and timely communication is maintained. that establishes an atmosphere of security, trust and respect for all. 
In ensuring that information is legally shared with all those who have a right and also demonstrating a willingness to be open about it policies and procedures this policy helps the school establish trust and respect.


1. The school will comply with:

The terms of the 1998 Data Protection Act, and any subsequent relevant legislation, to ensure personal data is treated in a manner that is fair and lawful. Information and guidance displayed on the Information Commissioner’s Office (ICO) (www.dataprotection.gov.uk).

2. This policy should be used in conjunction with the school’s Acceptable Use of ICT policy.

3. Data Gathering

All personal data relating to staff, pupils or other people with whom we have contact, whether held on computer or in paper files, are covered by the Act. Only relevant personal data may be collected and the person from whom it is collected should be informed of the data’s intended use and any possible disclosures of the information that may be made.

4. Data Storage

Personal data will be stored in a secure and safe manner. Electronic data will be protected by standard password and firewall systems operated by the school. Computer workstations in administrative areas will be positioned so that they are not visible to casual observers waiting either in the office or at the reception hatch. Manual data will be stored where it is not accessible to anyone who does not have a legitimate reason to view or process that data. Particular attention will be paid to the need for security of sensitive personal data.

5. Data Checking

The school will issue regular reminders to staff and parents to ensure that personal data held is up-to-date and accurate. Any errors discovered would be rectified and, if the incorrect information has been disclosed to a third party, any recipients informed of the corrected data.

6. Data Disclosures

Personal data will only be disclosed to organisations or individuals for whom consent has been given to receive the data, or organisations that have a legal right to receive the data without consent being given.

When requests to disclose personal data are received by telephone it is the responsibility of the school to ensure the caller is entitled to receive the data and that they are who they say they are. It is advisable to call them back, preferably via a switchboard, to ensure the possibility of fraud is minimised.

If a personal request is made for personal data to be disclosed it is again the responsibility of the school to ensure the caller is entitled to receive the data and that they are who they say they are. If the person is not know personally, proof of identity should be requested.

Requests from parents or children for printed lists of the names of children in particular classes, which are frequently sought at Christmas, should politely refuse but a list of first names can be given.

Personal data will not be used in newsletters, websites or other media without the consent of the data subject.

Routine consent issues will be incorporated into the school’s pupil data gathering sheets, to avoid the need for frequent, similar requests for consent being made by the school.

Personal data will only be disclosed to Police Officers if they are able to supply a WA170 form which notifies of a specific, legitimate need to have access to specific personal data. This form is the agreed procedures between North Tyneside Council and Northumbria Police.

A record should be kept of any personal data disclosed so that the recipient can be informed if the data is later found to be inaccurate.

7. Subject Access Requests


If the school receives a written request from a data subject to see any or all personal data that the school holds about them this should be treated as a Subject Access Request and the school will respond within the 40 day deadline.

Informal requests to view or have copies of personal data will be dealt with wherever possible at a mutually convenient time but, in the event of any disagreement over this, the person requesting the data will be instructed to make their application in writing and the school will comply with its duty to respond within the 40 day time limit. 

8. Data Protection Statements are included in on any forms that are used to collect personal data.