The General Data Protection Regulation (GDPR) is a piece of EU-wide legislation which determines how personal data is processed and kept safe and the legal rights individuals have in relation to their own data. The regulation applies to all schools and still applies even though the UK has left the EU.

Policies and Procedures:

Data Protection Policy
Data Secuirty Policy
Records Management Policy
Records Retention Schedule
Subject Access Request (SAR) Procedure
Subject Access Request Form

Privacy Notices:

Privacy Notice for Pupils and Families
Child Friendly Privacy Notice
Privacy Notice for Staff
Privacy Notice for Members, Trustees and Governors
Privacy Notice for Volunteers
Privacy Notice for Prospective Employees