GDPR - Data Protection Policy

North Ealing Primary School


The General Data Protection Regulation (GDPR) ensures a balance between an individual’s rights to privacy and the lawful processing of personal data undertaken by organisations in the course of their business. It aims to protect the rights of individuals about whom data is obtained, stored, processed or supplied and requires that organisations take appropriate security measures against unauthorised access, alteration, disclosure or destruction of personal data.

The School will protect and maintain a balance between data protection rights in accordance with the GDPR. This policy sets out how we handle the personal data of our pupils, parents, suppliers, employees, workers and other third parties.

This policy does not form part of any individual’s terms and conditions of employment with the School and is not intended to have contractual effect. Changes to data protection legislation will be monitored and further amendments may be required to this policy in order to remain compliant with legal obligations.

All members of staff are required to familiarise themselves with its content and comply with the provisions contained in it. Breach of this policy will be treated as a disciplinary offence which may result in disciplinary action under the School’s Disciplinary Policy and Procedure up to and including summary dismissal depending on the seriousness of the breach.

The committee with oversight for this policy
Policy to be approved by
Resources Committee
Policy last reviewed by the Resources Committee
Policy last ratified and adopted by Full Governing Body
Policy / Document due for review
November 2024