GDPR - Data Sharing Agreement


Orrets Meadow School

Information Sharing Protocol

for Outreach Services, including SENAAT. 


Production Date: May 2018

Review Date:    May 2019     

Author:      Jane Corrin

Orrets Meadow School Information Sharing Protocol

 This is Orrets Meadow School’s Information Sharing protocol in relation to specialised outreach for children. The outreach service includes both the teaching service (Literacy and Numeracy) and the advice and assessment service (SENAAT).  This document sets out what information can be shared and with whom.  The purpose of this protocol is to make sure that good information governance practices are adhered to.  


Orrets Meadow School offers an outreach service to children.  This service can be accessed by children from across Wirral-wide schools.  With the advent of the General Data Protection Regulations (GDPR), this information sharing protocol has been drawn up.  This protocol will give details relating to what information will be shared and by whom. The legal basis for the sharing of the information is the provision of outreach for special educational needs children.

 Data Protection

Orrets Meadow School is registered under The Data Protection Act 1998 and the registration number is Z5752937.  This registration will be mapped across to an Article 30 document when required by GDPR.  The school have a named Data Protection Officer:

Jane Corrin

0151 666 4446

 Personal Data

Information about children from across Wirral schools will be shared with Orrets Meadow School specifically when specialised outreach has been taken up.  This information will consist of:

  • Child’s Name
  • Child’s Date of Birth
  • School Name
  • Special Educational Needs Information
  • Assessment Information
  • Attainment Information
  • Medical information when deemed necessary

This information may be shared with Outreach Teachers, Head Teacher and Office Staff.

 Appropriate Security Measures

Appropriate and secure technical and operational measures are in place to ensure the security of the information.  These measures include:

  • Staff are trained and aware of their responsibilities under Data Protection legislation
  • Laptops follow bring your own device policy (BYOD)
  • Pupil’s data and reports are stored on Google Drive, School Network or Encrypted pen
  • Pupil’s reports are shared with school using secure methods; including secure internal mail, google drive, secure gmail, hand delivery or by encrypted pen drive.

 Retention and Destruction

Pupil reports are deleted in line with School’s Retention & Destruction policy.

Outreach teaching – reports are kept for one term after the child exits the programme, then destroyed.  

Senaat – reports are kept until the child leaves the school, then destroyed.