Swalwell Primary School

Working together, learning together



The  UK General Data Protection Regulation ( UK GDPR) is a legal framework that sets guidelines for the collection and processing of personal information of individuals within the European Union (EU). UK GDPR came into effect across the EU on May 25, 2018.


UK GDPR Statement for Parents/Carers and Pupils/Students

We take your privacy very seriously and work to the highest standard to keep your data safe. We are committed to compliance with all relevant laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the  UK General Data Protection Regulation (UK GDPR). Ongoing compliance is embedded in all processes and policies throughout the school.


Who is responsible for Personal Data?

Under the UK GDPR, we are recognised as a Data Controller, Data Processor, or both. The requirements differ depending on our role in the data collection and handling process.  As a Data Controller, we define how and why personal data is collected, stored, and used. We also utilise data processors – third parties that process the data we control on your behalf.

We will achieve compliance by ensuring personal data is processed lawfully, transparently, and for a specific purpose. Once the purpose is fulfilled and the data is no longer required, it will be deleted, as stipulated within our Data Retention Policy.  We currently comply with existing legislation, the Data Protection Act 1998 and 2018, and are very experienced at working within such regulations.


How we adhere to UK GDPR

We are registered with the Information Commissioner’s Office as Data Processor
We utilise a wide range of security measures in line with the recommendations provided by ICO (Information Commissioner’s Office)
We implement additional security measures including advanced firewalls, enhanced virus protection on all servers, regular data backup, username/password/PIN to control access, automatic suspicious activity detection and logging etc.
We provide data protection training to all teaching and support staff.
We carry out due-diligence with all third party data processors.
We will continue to share the specific details of personal data collected in our Privacy notices, bespoke to staff, parents and pupil. The revised notices are publicly available on our website.
We have completed a comprehensive data mapping audit of the data that we process and store. We have also reviewed our data breach incident response procedure.

Please click on the links below for our policies relating to UK GDPR;

Please click on the links below to view our Privacy Notices;