Scroll to content Shapes
St Pauls CE Primary School

GDPR and Privacy notices

What is the General Data Protection Regulation? (GDPR)


On 25th May 2018, the UK's Data Protection Act 1998 was replaced by a new law called the GDPR (the EU General Data Protection Regulations 2016). This law governs how we collect, use and share people's information and provides greater rights to individuals and control over how their information is handled by organisations, including schools.


It is in place to give data subjects control of their data and gives organisations processing that data more responsibilities in relation to how they collect, process, store, share and destroy data.


We hold a great deal of data - not only about pupils, but also staff, parents, volunteers, visitors, suppliers and other 'data subjects'. GDPR requires us to not only minimise any risks to the unauthorised access and loss of personal data within school, but also provide evidence and documentation of our processing activity.


You have a right to be informed about how the school uses personal data about your child. We comply with this right by providing 'privacy notices' to individuals where we are processing their personal data - these can be found below. 


We are required by law, to provide information about our pupils to the Department for Education (DfE) as part of statutory data collections such as the school census and early years' census. Some of this information is stored on the National Pupil Database (NPD). The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.


To find out more about the pupil information we share with the DfE, for the purpose of data collections, click here.


If in the meantime you would like to know more about the GDPR and your rights, please visit the UK's data protection regulator, the Information Commissioner's Office at

  • Ofsted
  • St Pauls CE Primary School

Contact Us