School Logo

Data Protection & GDPR

What is the General Data Protection Regulation?

The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which will determine how people’s personal data is processed and kept safe, and the legal rights individuals have in relation to their own data. It came into effect on 25 May 2018 to organisations that process or handle personal data, including schools. 

It's similar to the Data Protection Act (DPA) 1998 in many ways. Most of the differences involve the GDPR building on or strengthening the principles of the DPA. 


What will be different? 


Privacy notices

This has changed to ensure that we state who we are, why we process information and what we do with it, our legal basis for processing, your right to make a complaint to the supervisory authority and other rights in relation to access and correcting inaccurate data. 



Our privacy notices are available below.


Subject access requests

This is the process you would use to ask for access to data that we hold on you/your child.  Please read the privacy notice about what you can request and if you wish to complete an SAR form and send to the Data Protection Officer (DPO).  The school has 1 month to respond, but this will be difficult during school holidays, so we request that any SARs are sent in term time only.


You can download a copy of the SAR form below.



The GDPR brings in stricter rules around consent.  Whilst the majority of pupil information provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulation, we will inform parents whether you are required to provide certain pupil information to us or if you have a choice in this and then will ask for your consent for us to hold this information.  This is mainly around photographs and videos and your consent has already been obtained for this in the past.


Data breaches

The Information Commissioners Office (ICO)  must now be notified within 72 hours of data breaches where an individual is likely to suffer some form of damage, such as through identity theft or a confidentiality breach. 


Data protection officer (DPO)

The schools DPO can be contacted via email on