Data Protection GDPR

Data Protection

Data Protection

How we use Pupil information

We collect and hold personal information relating to our pupils and may also receive information about them from their previous school, local authority and/or the Department for Education (DfE). We use this personal data to:

  • Support our pupils’ learning
  • Monitor and report on their progress
  • Provide appropriate pastoral care; and
  • Assess the quality of our services

Please click here for Waverley School Privacy Notice

Please click here for the Waverley School Retention Policy

Article 30 – Register of Processing Activities

 Article 35 – Data Protection impact Assessment 


  1. Security Data Protection Incident Reporting Procedure (whistleblowing and retention policy)
  2. Access Control Policy
  3. Cyber and Information Security Policy
  4. Freedom of Information  Policy
  5. Acceptable Use Policy
  6. Bring Your Own Device Policy
  7. Data Protection Policy (read in line with Acceptable Use, Subject Access Policy & Procedure, Freedom of Information, Security incidents reporting and use of cloud services)
  8. Information and handling information (read in line with Acceptable Use, Access Control, Code of conduct, Data Protection, Freedom of Information and Retention policies and Contracts/SLA agreements)

Letter to parents

14th May 2018

Dear Parent/Carer

As you are probably aware, the law on data protection in the UK changes on the 25 May 2018. There will be a new act, the Data Protection Act 2018 which applies the Europe-wide General Data Protection Regulation (GDPR) to the UK. This will not be changed by Brexit.

The new rules are designed to take account of the massive changes in data use since the Data Protection Act 1998. Facebook, smartphones, even Google did not exist at the time these rules were created, so the world has changed and the law must do so too.

Our school has published a new privacy statement and other documents as required to fit the new rules; we are still working to change all the various documents and processes, so you will see changes appearing on our website and forms over the next few months.

This may include having to ask you for consent for some things where we do not have another basis for processing and don’t already have a suitable consent; if you do not respond we will assume you do not consent as required by the “opt-in” regulations in the new law. Most processing in schools is governed by various laws so doesn’t need a separate consent, but this is not always the case.

The new rules change the rights that you have in respect of your data. For further information on this, please see the ICO website The rights are:

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

Our school has appointed a Data Protection Officer (DPO), who you can contact via email or post if, for example, you have an issue with our handling of your data that our school has not been able to assist you with. The DPO acts for a number of schools, so please ensure that you identify our school when contacting to avoid delays:

Yours sincerley

Gail Weir