Data Protection

From 25 May 2018, the new GDPR applies in all EU member states. This affects how schools manage personal data and how this is protected and shared.

The EU's General Data Protection Regulation (GDPR) is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used.

Previously, the UK relied on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this has been superseded by the new legislation. It has introduced tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU.

Further information can be found at:

The Academy's Fair Processing Notice

Consent Forms

Websites & Apps used in school

Publication Scheme

Retention Schedule 2018

Early Years Funding Fair Processing Notice (Childcare & Nursery)

CSAWS Fair Processing Notice (Attendance & Welfare Agency)

Data Protection Policy, June 2018

Freedom of Information Policy, February 2019 (awaiting Governor ratification)

Records Management Policy, SMBC

Access to Information Policy, February 2019 (awaiting Governor ratification)


For further information, please contact Mrs Nickie Stead 0121 744 5245