School  »  Data Protection

Data Protection and the GDPR

The General Data Protection Regulation came into force in May 2018 and is based on data protection principles that our school must comply with. The principles say that personal data must be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed
  • Accurate and, where necessary, kept up to date
  • Kept for no longer than is necessary for the purposes for which it is processed
  • Processed in a way that ensures it is appropriately secure

Our school aims to ensure that all personal data collected about staff, pupils, parents, governors, visitors and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the provisions of the Data Protection Act 2018 (DPA 2018).

How we do this is explained in our Data Protection Policy and our Privacy notices, all of which are available at the bottom of this page. Our Data Protection Policy applies to all personal data, regardless of whether it is in paper or electronic format.

Our policy meets the requirements of the GDPR and the provisions of the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO) on the GDPR and the ICO’s code of practice for  subject access requests.

It meets the requirements of the Protection of Freedoms Act 2012 when referring to the use of biometric data. It also reflects the ICO’s code of practice for the use of surveillance cameras and personal information.

In addition, our policy complies with regulation 5 of the Education (Pupil Information) (England) Regulations 2005, which gives parents the right of access to their child’s educational record.

Further information
For further information from us on data protection and privacy or any requests concerning your personal information please contact school.