top of page


Main GDPR principles​

The GDPR sets out the key principles that all personal data must be processed in line with.


Data must be:

  • processed lawfully, fairly and transparently

  • collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed

  • accurate and kept up to date; held securely

  • only retained for as long as is necessary for the reasons it was collected

There are also stronger rights for individuals regarding their own data.


The individual’s rights include:

  • to be informed about how their data is used

  • to have access to their data

  • to rectify incorrect information

  • to have their data erased

  • to restrict how their data is used

  • to move their data from one organisation to another

  • to object to their data being used at all


The Data Protection Officer for the School is:

[Name] [Contact]

bottom of page