The General Data Protection Regulation (GDPR) is a UK law which comes into effect on the 25th May 2018 and is the culmination of 4 years of deliberation on the changes of technology since the current Data Protection Directive 1995 was enacted, as well as possible future technologies. If you consider that in 1995 we had Ceefax, telephone boxes, no Internet and no social media, many things have changed, not least the reliance on sharing personal information for banking, e-commerce and social interaction, thereby greatly increasing the potential risk to the individual.

In view of the new legislation with regards to data protection, all our policies are currently being reviewed. The General Data Protection Regulation (GDPR) came into force on the 25th May 2018.


All schools handle a large amount of personal data. This includes information on pupils, such as grades, medical information, images and much more, including data on staff, governors, volunteers and job applicants.


What is personal data?


This data is already governed by existing DPA (Data Protection Act) regulations, which ensure personal data is handled lawfully. However, the new GDPR has gone further and requires organisations (including schools) to document how and why they process all personal data.


What is GDPR exactly?


The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 Data Protection Directive, which current UK law is based upon. The EU’s GDPR website says the legislation is designed to “harmonise” data privacy laws across Europe as well as give greater protection to individuals. Please contact either Mr Lewis-Cole, Mrs Welch or Mrs Dean if you have any queries.


Data Protection Policy


Privacy Policy for Parents and Carers


Privacy Policy for Staff

Privacy Policy for Visitors

Privacy Policy for Governors

Visitor Privacy Notice: Track and Trace

Visitor Privacy Notice: Sign-In App

Workforce and Pupil Privacy Notice: Sign-In App

Subject Access Request Policy

Subject Access Request Guidance