GDPR stands for General Data Protection Regulation. These are regulations that came into force on 25th May 2018 through the Data Protection Act 2018 which updated and replaced the Data Protection Act 1998. It was amended on 1st January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.
It sits alongside and supplements the UK GDPR, for example by providing exemptions.
The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 1st January 2021. It sets out the key principles, rights and obligations for most processing of personal data in the UK.
The GDPR is based on data protection principles that our Trust must comply with.
The principles say that personal data must be:
Processed lawfully, fairly and in a transparent manner
Collected for specified, explicit and legitimate purposes
Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed
Accurate and, where necessary, kept up to date
Kept for no longer than is necessary for the purposes for which it is processed
Processed in a way that ensures it is appropriately secure
Unity Academy Trust is registered with the ICO (Information Commissioner’s Office) as a Data Controller. As a Trust, we take our responsibilities to data protection very seriously and we aim to ensure that all personal data collected about staff, pupils, parents, governors, visitors and other individuals is collected, stored and processed in accordance with GDPR.
Our Trust collects, holds and shares information (where necessary and where we are legally obligated to do so) about our pupils and families in order to provide relevant educational services that include keeping pupils safe.
For full information about GDPR within Unity Academy Trust and its schools’, Gravel Hill Primary and Upland Primary, please read our Data Protection Policy on our Policies page.
Data Protection Officer (DPO)
The Trust’s DPO is Mrs K McLaughlin.
Please contact her via firstname.lastname@example.org
The Data Protection Officer is responsible for overseeing and monitoring the Trust’s compliance with data protection law, and developing related policies and guidelines where applicable.
The DPO will provide an annual report of their activities directly to each school’s governing board and the Trust board and, where relevant, report to the boards their advice and recommendations on school data protection issues.
The DPO is also the first point of contact for individuals whose data the Trust processes, and for the ICO.
The Trustee responsible for GDPR is: Mr K Bradshaw
The Upland Primary School Governor responsible for GDPR is: Mrs S Sandhu
The Gravel Hill Primary School Governor responsible for GDPR is: Mrs E Neale
Some policies can be found on the policy page of this website. Other policies are school specific and can be found on each school’s website’s policy pages.