GDPR information in relation to Ian Stokes Education Ltd

The Data Protection Act (DPA) was superseded by the General Data Protection Regulation (GDPR) on 25th May 2018. It is important for schools to ensure that that their own systems - and those of any organisations that process data on their behalf - satisfy the requirements of GDPR.

The DfE has issued guidance to schools on GDPR which recommends that schools ask their suppliers some key questions about their systems. The answers to these questions for Ian Stokes Education Ltd are given below.


Scope: which personal and special category data are held?

Ian Stokes Education Ltd will only ask schools to share (and schools should only provide) data which are required for Ian Stokes Education Ltd to deliver those services which have been specifically requested by the school. These services typically include the analysis of pupil performance data and the delivery of training in the use and understanding of pupil performance data.
Depending on the services the school has contracted Ian Stokes Education Ltd to provide, the following personal and special category data may be held by Ian Stokes Education Ltd:

       Personal Data

  • Details of which pupils are on-roll
  • Current and prior attainment data for each of the key stages covered by your school
  • Pupil absence information
  • Pupil information from School Census
  • Pupil estimates, targets & assessments
  • Information on allocation of pupils to pupil groups
  • Pupil address information (home postcode)

      Special Category Data

  • Ethnicity & Language
  • SEND Information

By contracting Ian Stokes Education Ltd to supply specific services, the school agrees to share the appropriate data required to deliver those services.

Ian Stokes Education Ltd also holds information on its customers. This information is limited to:

  • Contact details, including job title.

Sharing: does any personal data held by Ian Stokes Education Ltd flow onto anywhere else?  

Ian Stokes Education Ltd will not share or transfer any personal data unless specifically requested and agreed by the school which controls these data.

Ian Stokes Education Ltd may use anonymised pupil and school data for the purpose of training. Any pupil and school data used for these purposes will not be identifiable or traceable to the individuals or schools concerned. If a school does not wish their anonymised pupil or school data to be used for training purposes they should inform Ian Stokes Education Ltd in writing.

Ian Stokes Education Ltd will not share customer information with third party organisations unless specifically requested or agreed by the customer. Ian Stokes Education Ltd may seek permission from the customer to use information and feedback provided by customers, for the purpose of testimonials, references and marketing.

Retention: What is Ian Stokes Education Ltd’s data retention policy?

       Pupil & school data

  • All pupil & school data provided to Ian Stokes Education Ltd by the school will be deleted no longer than 6 months after the contract to supply services agreed between Ian Stokes Education Ltd and the school has expired. Contracts are usually agreed for a 12-month period, covering a financial year.
  • If a school agrees a new contract with Ian Stokes Education Ltd, existing pupil data will be retained for the duration of this and successive contracts, for a maximum of 5 years.

       Customer data

  • Historic customer data, including contact details and job title, will be retained for a maximum of 5 years.

Access: how can a school access their information held by Ian Stokes Education Ltd? 

Pupil & school data: Any pupil or school data provided to Ian Stokes Education Ltd by the school should also be retained in the school’s own systems and there should be no need to access these data via Ian Stokes Education Ltd. However, if a school does wish to receive copies of any data held by Ian Stokes Education Ltd, this should be requested in writing. All requests for information will be responded to within 5 working days.
Customer data: A school can request a copy of its customer data, in writing. All requests for information will be responded to within 5 working days.

Security: How does Ian Stokes Education Ltd ensure the security of the personal data it holds?
What recognised standards are in place?

All electronic pupil and school data held by Ian Stokes Education Ltd are stored only on physical media, secured by industry-standard encryption software (e.g. BitLocker).Ian Stokes Education Ltd does not store pupil or school data on remote, cloud-based servers (such as Microsoft One Drive or Google Drive). All pupil and school data (stored on computer devices or on paper) are held securely on site in a locked safe. Data are usually transferred between Ian Stokes Education Ltd and schools via email. Ian Stokes Education Ltd will not include any personal data in an unencrypted email. Any personal data transferred via email will be in the form of a secure, encrypted attachment (AES-256 encryption). Schools should not send any personal data to Ian Stokes Education Ltd in an unencrypted email or an unencrypted email attachment. Ian Stokes Education Ltd is registered with the Information Commissioner’s Office (reference ZA233413).


Readiness: Is Ian Stokes Education Ltd  GDPR compliant by May 2018? 
Yes – Ian Stokes Education Ltd is GDPR compliant as of May 2018.