GDPR stands for General Data Protection Regulation. These are regulations that came into force on 25th May 2018 through the Data Protection Act 2018 which updated and replaced the Data Protection Act 1998. It was amended on 1st January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.

It sits alongside and supplements the UK GDPR, for example by providing exemptions.

The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 1st January 2021. It sets out the key principles, rights and obligations for most processing of personal data in the UK.

The GDPR is based on data protection principles that our Trust must comply with.

The principles say that personal data must be:

  • Processed lawfully, fairly and in a transparent manner

  • Collected for specified, explicit and legitimate purposes

  • Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed

  • Accurate and, where necessary, kept up to date

  • Kept for no longer than is necessary for the purposes for which it is processed

  • Processed in a way that ensures it is appropriately secure

Data Controller

Unity Academy Trust is registered with the ICO (Information Commissioner’s Office) as a Data Controller. As a Trust, we take our responsibilities to data protection very seriously and we aim to ensure that all personal data collected about staff, pupils, parents, governors, visitors and other individuals is collected, stored and processed in accordance with GDPR.

Our Trust collects, holds and shares information (where necessary and where we are legally obligated to do so) about our pupils and families in order to provide relevant educational services that include keeping pupils safe.

For full information about GDPR within Unity Academy Trust and its schools’, Gravel Hill Primary and Upland Primary, please read our Data Protection Policy on our Policies page.

Data Protection Officer (DPO)

The Trust’s DPO is Mrs K McLaughlin.

Please contact her via

The Data Protection Officer is responsible for overseeing and monitoring the Trust’s compliance with data protection law, and developing related policies and guidelines where applicable.

The DPO will provide an annual report of their activities directly to each school’s governing board and the Trust board and, where relevant, report to the boards their advice and recommendations on school data protection issues.

The DPO is also the first point of contact for individuals whose data the Trust processes, and for the ICO.

The Trustee responsible for GDPR is: Mr K Bradshaw

The Upland Primary School Governor responsible for GDPR is: Mrs S Sandhu

The Gravel Hill Primary School Governor responsible for GDPR is: Mrs E Neale

Related Documents

Some policies can be found on the policy page of this website. Other policies are school specific and can be found on each school’s website’s policy pages.

  • Data Protection Policy

  • Data Privacy Impact Assessment Policy

  • E-Safety Policy

  • Freedom of Information Policy

  • Photography Policy

  • Privacy Notices

  • Social Media Policy

  • Subject Access Policy