Message sent from:

Data Protection


On the 25th May 2018, the General Data Protection Regulation (GDPR) will replace the Data Protection Act 1998. GDPR brings with it a new responsibility to inform parents and stakeholders about how we are using personal data and who it is being used by.

Data Controller

Attain Academy Trust is registered as a ‘Data Controller’ with the Information Commissioner’s Office (Reg. No. Z6544921).

Our Data Protection Officer is Mrs Ellwood

What does GDPR mean for the School?

GDPR requires schools to identify the lawful basis for processing and storing personal data, to audit information already held and to take a ‘data protection by design and default’ approach to personal data. It also introduces new individual rights relating to personal data.

At Newlands Spring Primary School, we take our GDPR obligations seriously. We will ensure that your personal data is processed fairly and lawfully, is accurate, is kept secure and is retained for no longer than is necessary. Our pupils, parents, carers, staff, governance members and stakeholders have the right to be right to be informed, to object, to rectification, to erasure, to restrict processing and to data portability

A great deal of the processing of personal data undertaken by the school will fall under the specific legal basis ‘in the public interest’. As it is in the public interest to operate schools successfully, specific consent will not be required in the majority of cases in schools. Explicit consent must be given however to anything that isn’t within the normal business of the school, especially if it involves a third party.


If you have any queries, please get in touch with our Data Protection Officer, who can be contacted at dpo@attain.essex.sch.uk.

Hit enter to search