St Andrew's Church of England Primary School An intelligent heart acquires knowledge and the ear of the wise seeks knowledge. Proverbs 18:15

UK GDPR/Data Protection

General Data Protection Statement


The Head teacher and the Governors of Stanley St Andrew’s Church of England Primary School intend to comply fully with the requirements and principles of the Data Protection Act 1998 and the UK General Data Protection Regulations May 2018.


All staff involved with the collection, processing and disclosure of personal data will be aware of their duties and responsibilities within these guidelines.


The school will endeavour to ensure that all processing is appropriately registered/notified and will review, and update notified entries.


Staff deliberately acting outside their recognised authority may be subject to appropriate disciplinary proceedings.


It is recognised that other legislation (for example the Crime and Disorder Act) or Safeguarding may override the UK General Data Protection Regulations - Data Protection Act 2018. 


Data Subjects and Rights


Every single one of us is a Data Subject (DS). We all have data stored about us, our children and our families by organisations. Schools, shops, IT companies, government departments, charities - data is everywhere and we have the right to ensure that our data is treated with respect.


As data subjects we do have rights. All individuals have a right:


  • to be informed
  • of access to data stored about them or their children
  • to rectification if there is an error on the data stored
  • to erasure if there is no longer a need for school to keep the data
  • to restrict processing, i.e. to limit what is done with their data
  • to object to data being shared or collected


There are other rights that relate to automated decision making and data portability that are not directly relevant in schools.


Data subjects’ rights are also subject to child protection and safeguarding concerns, sharing information for the prevention and detection of crime.


Schools also have legal and contractual obligations to share information with organisations such as the Department for Education, Social Care, the Local Authority and HMRC amongst others. In some cases, these obligations override individual rights.


You can find more information on the rights of data subjects in our Data Protection Policy.

Our privacy notices explain the purposes for which personal data are collected and used, how the data are used and disclosed, how long it is kept, and the controller's legal basis for processing.

These documents can all be found below.

Records Retention Document

Data Breach & Non Compliance Procedure

Workforce Privacy Notice

Our Data Protection Officer (DPO)

J. A. Walker, Solicitor

Office 7, The Courtyard

Gaulby Lane





UK GDPR and DPA Complaints

All complaints relating to Data Protection should be addressed to our Data Protection Officer, Mr John Walker, who is responsible for dealing with all complaints in line with this procedure.

Data Protection and the UK GDPR – January 2021


As the UK transitional arrangements expired on 31 December 2020, there are some practical changes for Data Protection and the GDPR.


To comply with the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 please note that every policy, notice and procedural guide that refers to ‘GDPR’ shall now be read as ‘UK GDPR’.


The rights, responsibilities and data protection that the Data Protection Act 2018 and the GDPR are not changed. Our procedures and arrangements will not change.


If you have any queries please contact  Julie Fowler in the school office.

Track & Trace


As in school, it is vital that we all work together to protect pupils, staff, parents and everyone who comes into our premises.


The Government has said we must follow NHS Test and Trace guidance.  We will do so, but we are also mindful of protecting data about all individuals.


If anyone in our school tests positive for Coronavirus, we have safety measures in place, and in some cases, it may be necessary for groups of people to be sent home, and requests that they go for testing.

If there are multiple cases, this will be reported as an incident and Public Health England and the Local Authority, and other agencies, will support the school community.


It may be necessary for us to share very basic contact information, names and contact details, for effective test and trace procedures to be put in place.  This information will be kept to a minimum, and only released to manage the test and trace process.  The guidance is clear that we must be vigilant to protect personal data.


We will also keep a record of who we shared information with, and why we felt it appropriate or necessary to do so.


Of course, we hope this will not be necessary.  However, we have a public duty to protect pupils, staff and our whole school community.


Their privacy notice about test and trace is available above.

Covid 19 - Track and Trace Privacy Notice

Key Worker Information


In order to comply with the Government’s guidance with regard to shutting schools and providing places for key worker children, it is necessary for us to collect and manage data about these children and their parents/carers in a different way.


Our standard UK GDPR policy applies, and information found on our privacy notices relating to staff, parents and of course pupils will apply in all cases. We will use the information that relates to key workers in order to ensure that those children who are entitled to a place at school whilst schools are officially closed are correctly processed, managed and safeguarded.


The Data Controller continues to take its obligations to data processing seriously and will ensure that appropriate safeguards and measures are in place.