What does GDPR at Leeds Governance for Growth mean for you?

Introduction

The governors who are supported by and are customers of Leeds Governance for Growth have many legal rights about how their personal data is obtained, stored, processed and transmitted (i.e. ‘processed’) both during your period on the governing board and after. The school (or Leeds Governance for Growth on behalf of a school/customer) has to obtain certain information before a candidate for the governing body may stand for election; further information has to be passed on to the DfE (and possibly also the LA and/or diocese). This privacy notice details how Leeds Governance for Growth will comply with the law and gives you an understanding of why and how Leeds Governance for Growth uses the information about you. This privacy notice is not a form of contract.

Leeds Governance for Growth acknowledge the absolute necessity for correct and lawful treatment of data and are committed to ensuring security for data.

Roles and Responsibilities
Leeds Governance for Growth is a Data Controller as we are responsible for decisions about how and why we use your personal information (for example collecting contact information to organise meetings effectively).

At times Leeds Governance for Growth acts as a Data Processor when we are required to obtain, process and transfer data on the behalf of external organisations (certain details about governors have to be passed on to the DfE / school / local authority, for example).

Leeds Governance for Growth has appointed a Data Protection Officer (below), and will coordinate data protection practice through Suzanne Hawkshaw.

Adrian Stygall, Schools’ Liaison Director, Safeguarding Monitor
gdpr@safeguardingmonitor.co.uk
0330 400 4142

Mr Stygall may be contracted directly should any customer / governor feel that their concerns about data protection are not being addressed within Leeds Governance for Growth. Amongst the DPO’s duties are:

Advice the secure storage and transmission of data (both physical and digital)
Updates on the GDPR
The completion of a data audit
Support for a data processing record system
The provision of template GDPR documentation (please note that this cannot be shared beyond the school without the permission of Safeguarding Monitor)
Reporting to the school’s leadership and governing body on levels of security and compliance
Support with securing from third parties who might hold personal data through the school certification that they are also complying fully with GDPR duties
The DPO will communicate with the Information Commissioner’s Office should there be a confirmed or suspected data breach
The DPO will communicate with any person whose data might have been improperly accessed, lost or stolen

The principles under which Leeds Governance for Growth will process data
Data will be kept securely
Personal information will all be stored no longer than is necessary to exercise appropriate duties and statutory requirements
All governors and customers will be informed clearly about the purposes for processing data
Data processing will be limited to the purposes that are explained to customers and governors
Information / data will be relevant, current and up-to-date
Data and personal information will only be used in a legal and transparent manner

The categories of information and the bases for which that information is processed

In broad terms Leeds Governance for Growth will collect, store, process and transmit data to meet appropriate duties under
Safer recruitment (which governors have the relevant training)
Contact details for organisation of meetings and training
Governor welfare (should it be thought wise to keep next-of-kin details)
Attendance details (meetings)
To meet the school’s responsibilities under the Equalities Act and to meet the national guidance on the recruitment of governors
Draft version of minutes for meetings and supporting papers which will be held in locked cabinets until the final version has been approved and signed at which point the draft papers will be destroyed through a registered confidential waste disposal company who will provide a certificate of destruction

Specifically the school will process the following information

Data processed on the legal basis of public task for safe recruitment
Which governors may lead recruitment following successful training in safer recruitment and a record of training and development undertaken.

Data processed on the legal basis of public task
Your fitness to acquire the role of school governor (the declaration governors sign when standing for office). The category within which you will serve as a governor (such as a parent governor). The names of nominees.

Data processed on the legal basis of public task for governor welfare
If deemed necessary by the governor / customer - contact details for your next of kin, any medical needs, disability, allergies and any other health needs that you choose to share

Data processed on the legal basis of public task to fulfil the school’s duty of accountability
The roles that you agree to take on within the board of governors. The numbers of meetings attended and the training that you acquire in your role as governor.

Data processed on the legal basis of consent for equality monitoring
The DfE requires data on the background of governors to be registered by the Headteacher or their representative. This data may include ethnicity, country of birth and gender

This cannot be an exhaustive list, but Leeds Governance for Growth will inform customers / governors of any significant extra data processing that involved governors’ personal information.
Following DfE advice schools require that all governors have their background checked with the Disclosure and Barring Service as they have a role of responsibility for vulnerable children.

If significant information is withheld then a candidate for the role of governor might not be able to stand for election.

Certain categories of personal information are seen as particularly sensitive:
Data concerning health, including mental health
Data concerning children
Data relating to religion
Data relating to sexuality
Data relating to ethnicity
Data relating to performance management

Should Leeds Governance for Growth process any governor’s data from the above categories, then particular care will be taken and the data will be kept securely. Likewise the governors share a duty of care with such data and must treat data within these categories with enhanced confidentiality.

Automated decision making processes based on governors’/customers data are not used.

Leeds Governance for Growth does require all third parties who have access to or also process customer data (such as schools, local authority etc), to confirm that they also meet the standards expected by the GDPR.

Under law, under almost all circumstances, you have the right to request access to your personal information that Leeds Governance for Growth holds. Usually this is called a ‘subject access request.’ Under this right you may request a copy of the information that is held to check the data and to check that the processing is lawful. Please note that ‘subject access requests’ cannot attract a fee, but that they do necessitate significant time and human resources.

Additional data may be processed on the legal basis of consent. Your consent would be sought, thereafter you would have the right to withdraw consent.

As well as seeking advice and taking complaints to the school’s Data Protection Officer (see contact details above) individual governors and customers may make a complaint to the Information Commissioner’s Office (ICO) which is the UK supervisory authority for data protection.

It is likely that the EU GDPR will, with minimal alteration, become the Data Protection act 2018. Leeds Governance for Growth will provide amended terms should that be necessary.

Leeds Governance for Growth may update this privacy notice at any time. A copy of the new notice will be given to you. We may inform you in other ways of any changes the we may make to the processing of your data.