General Data Protection Regulation (GDPR)

On the 25th May 2018 the General Data Protection Regulation (GDPR) will become applicable, and will take over from the current Data Protection Act 1988.

St Mary’s Catholic Primary School is a data controller, and must process personal data in compliance with Article 5 of the GDPR which states that personal data must be:

  • Processed fairly, lawfully and in a transparent manner in relation to the data subject;
  • Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes;
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed;
  • Accurate and, where necessary, kept up to date;
  • Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed;
  • Processed in a way that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or oganisational measures.

To find out more about GDPR, including your rights to access, erasure and correction please visit the Information Commissioner’s Office (ICO) website at

For a clear and concise presentation on the GDPR, please click here

Copies of school policies relating to data protection are attached below:

Data Protection Policy

Privacy Notice for Pupils

Privacy Notice for School Workforce