Data Protection

School Information: Data Protection

Data protection and privacy took a huge step forward in May 2018 with the introduction of the General Data Protection Regulation (GDPR). This developed exisiting data protection legislation in the EU and harmonised it as well as strengthening the rights of individuals.

The General Data Protection Regulation (GDPR) is the development of the Data Protection Act (1998) and will come into effect on the 25th May 2018. It covers all the countries in the EU and will be adopted by the UK. Although based on the Data Protection Act 1998 it means schools will have to change their approach to Data Protection.
GDPR changes the importance of looking after the information we have about you and making sure we keep it safe so no-one can misuse it.
We have looked thoroughly at the data we hold and minimised it as much as possible and evaluated our procedures to ensure we are holding it as securely as we can.

Our Data Protection Officer is Handsam Ltd. ( and can be contacted at

What is the GDPR?

GDPR is a regulation by the European Parliament which adds to the UK’s data protection laws, and gives people more rights over their own information (or data).

What has changed under the GDPR?
  • Organisations that hold data (information) about people (like parents, students and staff) need to handle it in a fair and lawful manner.
  • You can only keep personal data if you have a lawful reason, when the person knows and when informed consent is gained. You cannot just gather lists of people’s personal information for no particular reason.
  • Any personal data stored must be for the reason people are given – in other words you can’t collect email addresses to send out School Newsletters and then use the same list to send out something quite different.
  • Personal data must be accurate and kept up to date.
  • Personal data must not be stored for longer than necessary. Keeping details of people that you no longer need or use (for example, previous students) is against the law. The length of time we keep data for is given in our data protection policy.
  • Personal data must be kept securely.
  • Personal data can only be handled in a way that respects the rights of individuals.

GDPR gives people more rights to know how their personal data is being used.

  • The right to be ‘forgotten’ and their personal data deleted if they wish.
  • To be able to see what personal data is being held about them, and to make sure their personal data is correct.
  • Increased importance for the protection of children.
  • Increased importance for not allowing people without permission to see or use others’ personal data.
  • If someone’s personal data has been used by people without permission, they have to be told what happened.
What data is the school holding?

The information we hold depends on who it relates to, for example we keep bank account details for staff but not for parents. Each privacy notice explains what information we keep for the people it relates to,

There is a mistake in my data. How can I get my data corrected?

If you find there is a mistake in the data we hold then please email the school (, or the appropriate year office) and ask for it to be changed.
We need to have a record of the change request so please do not make a phone call or just tell a member of staff.