GDPR for the Croft Primary School



On the 25th May 2018, the General Data Protection Regulation (GDPR) came into force in
the UK.
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation
by which the European Parliament, the Council of the European Union and the European
Commission intend to strengthen and unify data protection for all individuals within the
European Union (EU).
The GDPR require public authorities and businesses to identify the lawful basis for storing
personal data, audit information we already hold and take a ‘data protection by design and
default’ approach to personal data.
The Croft Primary School takes data protection very seriously. The Croft Primary School
collects and uses personal information about staff, pupils, parents and other individuals who
come into contact with the school. This information is gathered in order to enable it to
provide education and other associated functions. In addition, there may be a legal
requirement to collect and use information to ensure that the school complies with its
statutory obligations. In line with GDPR requirements, we have appointed a Data Protection
Officer through the GCC Information Management Service to oversee our approach to data
management and protection.


Data Protection Policy

privacy notice - parents and pupils.pdf

Freedom of Information Policy

Freedom of Information Publication Scheme