To ask the Secretary of State for Education, with reference to provisions in the Schools Bill, what steps he has taken to ensure that sufficient safeguards are in place around the (a) use and (b) protection of the data collected as part of the proposed requirements to create a register of home schooled children; what assessment he has made of the compatibility of those provisions with GDPR; and to whom that register will be accessible.
25 July 2022
Education is a devolved matter, and the response outlines the information for England only.
The proposed ‘children not in school’ registers are intended to help with the identification of children being educated otherwise than at school, so that local authorities can undertake their existing responsibilities, to ensure all children are receiving a suitable education.
All local authorities will be required to process personal data they collect and store on their register in accordance with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018. This legislation requires each local authority, as a data controller, only to collect and store the minimum personal data necessary and to protect and restrict access to the personal data by implementing appropriate technical and organisational measures.
Policy changes which require personal data processing, such as the ‘children not in school’ registers, are subject to scrutiny by the data protection officer (DPO) and their team, as part of the Data Protection Impact Assessment. The DPO will discuss requirement with the Information Commissioner’s Officer as part of their duties under the ‘prior notification’ obligations in Article 36 of the UK GDPR. This will ensure there are safeguards in place to protect the data on local authority registers.