Quick Links

Quick Links


GDPR stands for General Data Protection Regulation. These are regulations that came into force on 25th May 2018 through the Data Protection Act 2018 which updated and replaced the Data Protection Act 1998. It was amended on 1st January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU. 

It sits alongside and supplements the UK GDPR, for example by providing exemptions.

The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 1st January 2021. It sets out the key principles, rights and obligations for most processing of personal data in the UK.

The GDPR is based on data protection principles that our Trust must comply with. 

The principles say that personal data must be:

  • Processed lawfully, fairly and in a transparent manner
  • Collected for specified, explicit and legitimate purposes
  • Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed
  • Accurate and, where necessary, kept up to date
  • Kept for no longer than is necessary for the purposes for which it is processed
  • Processed in a way that ensures it is appropriately secure

Data Controller

Gravel Hill Primary School is registered with the ICO (Information Commissioner’s Office) as a Data Controller. As a school, we take our responsibilities to data protection very seriously and we aim to ensure that all personal data collected about staff, pupils, parents, governors, visitors and other individuals is collected, stored and processed in accordance with GDPR.

Our school collects, holds and shares information (where necessary and where we are legally obligated to do so) about our pupils and families in order to provide relevant educational services that include keeping pupils safe. 

For full information about GDPR within the school and Unity Academy Trust please read our Data Protection Policy on our Policies page.

Data Protection Officer (DPO)

The School’s DPO is Mrs K McLaughlin. 

Please contact her via dpo@unityacademytrust.co.uk 

The Data Protection Officer is responsible for overseeing and monitoring Gravel Hill Primary School’s compliance with data protection law, and developing related policies and guidelines where applicable.

The DPO will provide an annual report of their activities directly to the governing board and, where relevant, report to the board their advice and recommendations on school data protection issues. 

The DPO is also the first point of contact for individuals whose data the Trust processes, and for the ICO.

The Trustee responsible for GDPR is: Mr K Bradshaw

The School Governor responsible for GDPR is: Mrs E Neale

Related Documents

These documents can be found on the school’s policy page.

  • Data Protection Policy
  • Data Privacy Impact Assessment Policy
  • E-Safety Policy
  • Freedom of Information Policy
  • Photography Policy
  • Privacy Notices
  • Social Media Policy
  • Subject Access Policy