School leaders and governors aren’t expected to know the answer to every question, and we know there’s plenty of question on your mind. That’s why, through a subscription to TheSchoolBus, you have access to our question and answer service, where our dedicated research team are on hand to answer any questions you have.
Our research team conduct extensive research to find you the answer you need – we’ll read through any relevant guidance or legislation, liaise with our sector specialists and contact other organisations, such as the DfE, ICO and HSE, to make sure we have all the necessary information to answer your questions.
To showcase the wonderful work our research editors do, we decided to give away the answer to our most popular question of the week!
Monday 16 April
Q: In an MAT, should the board of trustees ratify each school’s safeguarding and SEND policies, or can this be delegated to the local governing board (LGB) of the respective schools?
In accordance with the DfE’s ‘Multi-academy trusts’ guidance, the board of trustees will be held accountable for non-compliance and it is responsible for ensuring schools within the trust are compliant with statutory requirements. The document also specifies that the MAT’s board of trustees has the authority to “delegate governance functions to LGBs or other committees including to oversee one or more individual academy.”1 Unfortunately, after calling for clarification, the DfE couldn’t provide any further guidance regarding policies that could be ratified at governing board level.
To overcome this, we referred to our governance experts who confirmed that it is good practice for the board of trustees of an MAT to ratify each school’s safeguarding and SEND policies and allow each academy to amend their policies to ‘reflect local circumstances, including the academy’s specific LA’.2
Furthermore, the responsibility for the strategic oversight of safeguarding sits with trustees/ directors of the trust. That being said, trusts can consider delegating some of that responsibility to its LGBs to ensure that individual academy policies pertaining to safeguarding and child protection complies with the requirements, and practices, of the Local Safeguarding Children Board which, of course, is a function owned by the LA. There should be no bar to safeguarding or child protection issues being dealt with immediately and effectively. 3
Overall, it would be considered good practice for the MAT to ratify any policies pertaining to safeguarding and SEND, yet policies should be amended at LGB level to enable individual academies to account for their LAs safeguarding and SEND protocols.
1 DfE, (2016) ‘Multi-academy trusts’ p.21
2 Wadley, N., (2018) (Email conversation regarding ratifying policies at trust level) [Personal communication: 12 April 2018]
3 Hodsman, S., (2018) (Email conversation regarding ratifying policies at trust level) [Personal communication: 12 April 2018]
Monday 9 April
Q. How do you decide whether legitimate interest is the most suitable lawful basis for processing data?
On the whole, legitimate interest is the most commonly used lawful basis but it will not always be applicable.1
To judge whether you can use legitimate interest for processing data, such as using pupils’ photographs as part of the school’s management information system, you should carry out three different tests, these are:
- Purpose test – establishing why you want to use the data, what will be achieved and whether the benefits are justifiable.
- Necessity test – establishing whether the processing of the pupils’ data will be useful and whether there is a less intrusive way of reaching a means to an end.
- Balance test – establishing the impact it will have on the data subject by processing the data for said reason.
These three tests make up a ‘legitimate interest assessment’ (LIA) – you should carry out a LIA prior to obtaining the data and it should be recorded in a physical copy so that you are compliant with the GDPR.
A LIA is designed so that you can judge whether processing data in the ways you are suggesting is necessary and expected from the data subjects. The LIA is designed so that the data processors (the school) consider the impact the processing would have on the individual's own rights and freedoms.2
1 ICO (2018) ‘Legitimate interests’ <https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/legitimate-interests/> [Accessed: 06 April 2018]
2 ICO (2018) (Email conversation regarding lawful basis for processing personal data) [Personal communication: 06 April 2018]
Monday 2 April
Q. Is a separate privacy notice required for governors?
We spoke directly with the DfE, who confirmed that governors are considered to be part of the school workforce and are therefore covered by this privacy notice - a separate privacy notice for governors is not required.1
1 DfE (2018) (Telephone conversation regarding privacy notices for governors) [Personal communication: 21 March 2018]
Monday 19 March
Q. What should our office staff prepare for before Ofsted inspections?
1. Preparing office staff for Ofsted
In addition to all aspects of their prescribed role, office staff should be up-to-date on the school’s attendance and absence data, punctuality and lateness, and the visitor’s procedure aspects of the school’s Safeguarding Policy.
2. Greeting inspectors
Inspectors must be treated in-line with your visitor’s procedure. For this reason, greet them with warmth and, as with any other visitor, ask to see their photo ID, sign in the visitor’s book, and ask them to read/take note of whatever safeguarding arrangements the school has in place for visitors.
3. What might inspectors ask office staff to do during inspection?
- More often than not, it is the office manager who will have the single central record and so they may be asked to produce it.
- During the inspection the inspector might ask office staff (or the headteacher) directly about their arrangements for checking visitors.
- The office staff (or headteacher) might be asked to print off the parent view results during the second day.
- The office staff (or headteacher) might be asked about present attendance, past attendance, arrangements for following up absences, attendance of different pupil groups, punctuality and lateness.
4. Sources of further reading
The most important documents for any section 5 inspection are “The Inspection Handbook”, “The Framework for School Inspections” and “Inspecting Safeguarding in Maintained Schools”.
Monday 12 March
Q. Who can be a school's data protection officer (DPO)?
The role of data protection officer (DPO) can be undertaken by any individual either internally, for example by a staff member or governor, or externally, such as by a third party data specialist; however, the GDPR requires the appointed person to have professional experience and knowledge of data protection law.1
Whilst the GDPR does not specify any particular qualifications a DPO should have, when appointing someone to the role, it is important to ensure that the proposed person has knowledge proportionate to the type of processing the school carries out, as well as an understanding of the school’s IT, technical and organisational infrastructure. (ICO, 2016)
It should be noted that, when appointing the role internally, it must be ensured that the individual’s duties as DPO do not lead to a conflict of interest within their other role. For example, where a governor is appointed as DPO they should not be given any other responsibilities.2
To help you further understand the role of the DPO and appoint an appropriate person, explore our Role of the Data Protection Officer guidance.
1 ICO (2016) ‘Data protection officers’, <https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-officers/ > [Accessed: 8 March 2018]
2 Data Protection Education (2017) ‘The GDPR and Your School - The Data Protection Officer’, <https://dataprotection.education/blog/18-gdpr-in-education/23-the-gdpr-and-your-school-the-data-protection-officer-dpo> [Accessed: 7 March 2018]
Monday 5 March
Q. Under the GDPR, how often do privacy notices need to be signed?
To answer this question we reviewed the ICO’s Consent webpage, which states you should “keep consents under review and refresh them if anything changes”1; therefore, privacy notices need only be signed once.
Consent will need to be sought in the event the reasons for processing change and consent isn’t specific to the new processing purposes, e.g. if the school needs to collect more data, such as employment history. To ensure consent remains compliant with the terms of the GDPR, the ICO recommends “building regular consent reviews into your business processes”. (ICO, para.29)
The ICO website also suggests:
- Keeping records to evidence consent – who consented, when, how and what they were told.
- Making it easy for people to withdraw consent at any time they choose. (ICO paras. 27 & 28)
In summary, consent should be sought when initially issuing a privacy notice and when any adjustments have been made that affect the original consent.
1 ICO (2017) ‘Consent’, paras. 27, 28, & 29 <https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-basis-for-processing/consent/#ib5> [Accessed: 14 February 2018]
Monday 26 February
Our question of the week is: How long should schools retain pupil records, including sensitive data?
We spoke to the Information Commissioner’s Office, who confirmed that the Data Protection Act 1998 does not stipulate how long records should be kept for and by whom.1 However, it is considered good practice for pupil records to be kept until the pupil reaches the age of 25 and that the responsibility for keeping these records lies with the school which the pupil attended until they reached statutory school leaving age.
Our team also sought the opinion of the DfE, who advised that maintained schools should liaise with their LA in regards to the storing and retention of sensitive data, such as special educational needs and disabilities information.2
For this reason, it is suggested that schools contact their LA to clarify retention details in order to ensure that their school is fully compliant with procedures within their relevant area.
1 ICO (2016) (Telephone conversation about record retention in schools) [Personal communication: 19 October 2016]
2 DfE (2016) (Telephone conversation about record retention, particularly SEND and child protection information) [Personal communication: 19 October 2016]
Monday 19 February
Q. How does Ofsted define good attendance when inspecting schools?
In terms of what Ofsted would define as good or better attendance when conducting inspections, our Ofsted expert advised that 96 percent is the key indicator of good attendance (the current national average), but schools must monitor the attendance of all key groups using the relevant figure tables.1
In light of the above, our governance expert, Nicki Wadley, further advised that Ofsted consider the attendance statistics for a school and national averages (relevant to the specific school type, e.g. a primary school), and will also use these as an indicator of good attendance.2
As well as using statistical information, Ofsted will also consider a school’s approach towards improving and tackling poor attendance, and will therefore use procedures as well as figures to decide on a school’s overall attendance performance. Our Ofsted Expectations of Pupil Attendance guidance document explains what Ofsted look for when assessing attendance.
1 Ofsted Expert (2017) (Email communication regarding attendance percentages) [Personal communication: 8 September 2017]
2 Nicki Wadley (2017) (Personal communication regarding Ofsted’s expectations of attendance) [Personal communication: 6 September 2017]
Monday 12 February
In accordance with guidance from the DfE, we can confirm that from the 2017/2018 academic year, it is now a requirement for schools to publish information relating to swimming on their school website, specifically in relation to the PE and sport premium grant. This includes how many pupils within a school’s Year 6 cohort are meeting the national curriculum requirements to:
- Swim competently, confidently and proficiently over a distance of at least 25 metres.
- Use a range of strokes effectively.
- Perform safe self-rescue in different water-based situations.1
Schools may choose to use some of the PE and sport premium to improve swimming provision – if they choose to do so, they must also publish certain information relating to the distribution of their funding; this includes the following:
- The amount of premium received
- A full breakdown of how it has been spent, or will be spent
- The impact the school has seen on pupils’ PE and sport participation and attainment
- How the improvements will be sustainable in the future
In order to help schools meet this requirement, we have created a PE and Sport Premium Strategy Template in line with our pupil premium expert, which helps schools address each criteria effectively and set out their strategy for using the funding.
1 DfE (2014) ‘PE and sport premium for primary schools’, para ‘Accountability’, <https://www.gov.uk/guidance/pe-and-sport-premium-for-primary-schools#how-to-use-the-pe-and-sport-premium> [Accessed: 5 February 2018]
To learn more about our QA service and our in-house production process that makes us so popular, take out a free, no obligation trial today - http://hub4leaders.co.uk/free-trial/