General Data Protection Regulation


As a school we are aware of our responsibilities under the new GDPR that came into force on the 25th May 2018. We are working with our strategic partner ‘Turn It On’ to ensure that we are compliant.

As a school we are dedicated to protecting the personal data of all staff, pupils, parents/carers, governors and visitors. We fully comply with our responsibilities under the government’s General Data Protection Regulation (GDPR) which came into force on the 25th May 2018. The GDPR requires that six principles be adhered to when processing personal data. Adherence is achieved by the school implementing appropriate rules and procedures and by ensuring that all necessary training, guidance and advice is provided to staff, pupils, parents/carers, governors and visitors; they are then expected to incorporate the policy into their own working or study environments.

1)       Processed fairly, lawfully and in a transparent manner.
2)       Collected only for specified, explicit and legitimate purposes.

3)       Adequate, relevant and limited to only the purposes for which it is being processed.
4)       Accurate and up-to-date.
5)       Kept for no longer than is necessary.

6)       Processed in a way which ensures protection from unauthorised or unlawful processing and against accidental loss, destruction or damage.


The GDPR also provides individuals with the following rights in relation to their personal data held and processed by the school. They are entitled to:


1)       Be informed of how their data is being processed (see our school privacy notice).

2)       Access their personal data, also known as a Subject Access Request.

3)       Correct any inaccuracies.

4)       Have information erased.

5)       Withdraw consent so as to stop or restrict data processing.

6)       Data portability, allowing them to get and re-use data for different services.

7)       Object to how data is processed in some circumstances.

8)       Intervene in respect of profiling and automated decision making.


For further information about data protection at our school, please email our designated data protection lead, James Vernon (headteacher):


Alternatively, if you wish to obtain more information or raise a complaint, you can directly contact the Information Commissioner’s Office (ICO). Please see the link below:








PrivacynoticeStaff.pdf .pdf
Quainton Pupil Privacy Notice.docx .docx
Quainton Data-Retention-Policy.pdf .pdf
Quainton Appropriate-Policy-Document.docx.pdf .pdf
Quainton Data-Protection-Policy.pdf .pdf
Quainton Data-Protection-Policy.pdf .pdf