On May 25th 2018 the General Data Protection Regulation (GDPR) came into effect across the EU. It is a new law that is being implemented in exactly the same way across all EU countries to create a level set of rules to ensure all data held and processed by organisations within the EU is secure and processed lawfully.


As public organisations, all schools and academies are required to comply with GDPR. At St John’s CE Primary school we have been working on our GDPR readiness since January 2018. Since then we have:


  • Made everyone on the staff aware of GDPR and the new requirements
  • Been on training courses
  • Have explored how we can monitor data protection across our school community
  • Reviewed and updated school documents and policies


The process of becoming fully GDPR compliant will be a long one because it affects all aspects of the school. We do already have strong Data Protection policies and protections but these are currently being updated in line with GDPR.


We will continue to look at our practices and procedures in school to ensure that GDPR is central to our day-to-day culture. We already highly value and protect all of our pupil, parent and staff data and will continue to do so in the presence of GDPR.


As a parent/carer you may receive some letters from us regarding GDPR. Some of those may be about consent and some about updating your information with us. Please do read and send back everything you receive.


For further information about GDPR, please click here to visit the ICO website





© Copyright 2017–2019 St John's C of E Primary School