Data Protection (GDPR)


What is the General Data Protection Regulation? (GDPR)

On 25th May 2018, the UK’s Data Protection Act 1998 is being replaced by a new law called the GDPR (the EU General Data Protection Regulations 2016). This law governs how we collect, use and share people’s information and provides greater rights to individuals and control over how their information is handled by organisations, including schools.

It is in place to give data subjects control of their data and gives organisations processing that data more responsibilities in relation to how they collect, process, store, share and destroy data.

We hold a great deal of data – not only about pupils, but also staff, parents, volunteers, visitors, suppliers and other ‘data subjects’. GDPR requires us to not only minimise any risks to the unauthorised access and loss of personal data within school, but also provide evidence and documentation of our processing activity.

In order to demonstrate our commitment to GDPR compliance we are doing the following:

​- Documenting and processing activity; including ensuring we have a lawful basis for processing

– Auditing this processing and identifying and creating an action plan to mitigate any risks to personal data

– Documenting the compliance of third-party providers and reviewing contracts to ensure compliance with GDPR

– Ensuring that we have processes and procedures in place to ensure the rights of data subjects

– Reviewing the technical and organisational measures in place to protect data

– Training staff on GDPR and our data handling processes – including Governors

The process of becoming fully GDPR compliant will take some time because it affects all aspects of the school. Whilst there will be changes, we are committed to ensuring that there is no negative impact on teaching and learning and the welfare of pupils and staff.

As a parent or carer, you may receive some letters from us regarding GDPR. Some of those may be about consent and some about updating your information with us. We would appreciate it if you would read all information you receive and send back any relevant documents back to school.

You have a right to be informed about how the school uses personal data about your child. We comply with this right by providing ‘privacy notices’ to individuals where we are processing their personal data.

We are required by law, to provide information about our pupils to the Department for Education (DfE) as part of statutory data collections such as the school census and early years’ census. Some of this information is stored on the National Pupil Database (NPD). The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.

To contact DfE, please click here.

Data Protection and GDPR Policy 2021

Data Breach Policy March 2021

Data Retention Policy March 2021

Freedom of Information Policy and Publication Scheme March 2021


Subject Access Requests (SARs)

You have a right to request any data held at school about your child.  In order to make a Subject Access Request (SARs) then please contact our Data Protection Officer, which are:

Data Protection Officer: Judicium Consulting Limited

Address: 72 Cannon Street, London, EC4N 6AE



Telephone: 0203 326 9174

Lead Contact: Craig Stilwell