Skip to content ↓


From 25th May 2018, the Data Protection Act 1998 will be replaced by the General Data Protection Regulation which is often referred to as the “GDPR”.  Although many of the principles will remain the same as the DPA 1998, there will be some important changes which will affect schools

The GDPR require public authorities and businesses to identify the lawful basis for storing personal data, audit information we already hold and take a ‘data protection by design and default’ approach to personal data.   

The requirements of the GDPR will be met by this school as the basis for collecting, storing, accessing, sharing and deleting personal data. Data will be processed fairly lawfully and in a transparent manner. It will be used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It will be accurate and kept up to date and kept no longer than is necessary. Data will be processed in a manner that ensures appropriate security of the data

You have the right to:

  • Be informed about how we use your personal data.
  • Request access to the personal data that the school holds.
  • Request that your personal data is amended if it is inaccurate or incomplete.
  • Request that your personal data is erased where there is no compelling reason for its continued processing.
  • Request that the processing of your data is restricted.
  • Object to your personal data being processed.

We take data protection very seriously at Leighton Primary School. In line with GDPR requirements, we have an appointed Data Protection Officer to oversee our approach to data management and protection.   

Our Data Protection Officer is: 

Our Data Protection Officer is the ICT Service - 03003000000.

In order to ensure that we comply with new regulations, we have reviewed our policies and practices. We have updated our privacy notices in line with the new requirements and have developed a GDPR Policy.  These can be found below: