All Saints

All Saints

Church of England Primary School

Together we Aspire, Believe, Explore, Achieve

Tamar Way, Didcot, Oxon OX11 7LH

01235 819143

Data Protection and GDPR

general data protection regulation (GDPR)

The General Data Protection Regulation is a piece of UK and EU-wide legislation which determines how personal data is processed and kept safe and the legal rights that individuals have in relation to their own data.  It came into effect on 25th May 2018 and applies to all organisations that process or handle personal data, including schools.  This legislation is similar to the Data Protection Act (DPA) 1998 - either building on or strengthening its principles.  The legislation also gives guidance as to how long information can be held and our Retention Policy outlines how this works within our school for the different types of information that we hold.  A copy of our Data Retention Policy is available here.


privacy notices

These explain why we process information, what we do with it, our legal basis for processing and your right to make a complaint and other rights in relation to access and correcting inaccurate information.

RET Privacy Notices and Complaints Procedure


subject access requests (SAR)

If you wish to have access to the data we hold on you/your child you will need to complete an SAR (Subject Access Request) form.  Please read the Privacy notice as this includes details about what you can request.  The SAR should be returned to the Data Protection Officer.  All requests should be responded to within a month however if the request is made when the school is closed there will be some delay. The request will be dealt with as soon as possible when the school reopens.



The majority of pupil information which we hold is provided to us on a mandatory basis there are some aspects of information that are provided on a voluntary basis.  We will always inform parents whether the information we are requesting is required or voluntary - if it is voluntary we will ask if you are happy for us to hold that information and also how we can use it.  For example, publicity - we already ask for permission to use personal information for publicity purposes, including photographs, names and children's' work.

We also hold parent information for communication and emergency contact purposes. We will never pass this information on to a third party unless it is to be used directly for school purposes e.g. communication and payment systems. When completing pupil enrolment forms with parental contact information you are agreeing for its use for school purposes only.

data breaches

We are required under GDPR to notify the Information Commissioner's Office within 72 hours of any data breaches where an individual is likely to suffer some form of damage, such as through identity theft or a confidentiality breach.

Further information is available here.


data protection officer

The data protection officer (DPO) is responsible for overseeing the implementation of this policy, monitoring our compliance with data protection law, and developing related policies and guidelines where applicable. The DPO will provide regular reports to the Audit & Risk Committee. Our DPO is Robert Majilton and is contactable via:

The Trust Data Lead (DL) is the first point of contact for individuals whose data the schools/Trust processes. Our Data Lead is Jane Emmott and is contactable via:

ICO Registration: Z1208879

Back to the Top