1. General Information

personal information, as provided for in the Data Protection Act 2018 and the UK GDPR. This includes: • being confident of the processing conditions which allow them to store and share information for safeguarding purposes, including information, which is sensitive and personal, and should be treated as ‘special category personal data’. • understanding that ‘safeguarding of children and individuals at risk’ is a processing condition that allows practitioners to share special category personal data. This includes allowing practitioners to share information without consent where there is good reason to do so, and that the sharing of information will enhance the safeguarding of a child in a timely manner, but it is not possible to gain consent, it cannot be reasonably expected that a practitioner gains consent, or if to gain consent would place a child at risk. • for schools, not providing pupils’ personal data where the serious harm test under the legislation is met. 30 For example, in a situation where a child is in a refuge or another form of emergency accommodation, and the serious harms test is met, they must withhold providing the data in compliance with schools’ obligations under the Data Protection Act 2018 and the UK GDPR. Where in doubt schools should seek independent legal advice. 110. The Data Protection Act 2018 and UK GDPR do not prevent the sharing of information for the purposes of keeping children safe. Fears about sharing information must not be allowed to stand in the way of the need to safeguard and promote the welfare and protect the safety of children. 111. Further details on information sharing can be found: • in Chapter one of Working Together to Safeguard Children, which includes a myth-busting guide to information sharing • at Information Sharing: Advice for Practitioners Providing Safeguarding Services to Children, Young People, Parents and Carers. The seven golden rules for sharing information will be especially useful • at The Information Commissioner’s Office (ICO), which includes ICO UK GDPR FAQs and guidance from the department • in Data protection: toolkit for schools - Guidance to support schools with data protection activity, including compliance with the UK GDPR.

30 The harm test is explained on the Disclosure and Barring service website on GOV.UK . Section 31(9) of the Children Act 1989 as amended by the Adoption and Children Act 2002, available at legislation.gov.uk

30