From 25th May 2018, all data held by the school is compliant with the General Data Protection Regulation (GDPR). It is based on the Data Protection Act 1998 but brings many enhancements to the rights of individuals in regards to their personal data.

The GDPR increases the importance of data protection and emphasises accountability. As a school we employ a ‘privacy by design’ approach – thinking about how we use and manage data securely in everything we do. The emphasis on accountability means that as a school we have increased the amount of documentation we use to record procedures and issues. 

All personal data, electronic and paper copies, are stored on our secure server or in locked cabinets in locked rooms with access restricted on a 'need to know' basis.  

The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals.


The GDPR provides the following rights for individuals:

  1. The right to be informed
  2. The right of access
  3. The right to rectification
  4. The right to erasure
  5. The right to restrict processing
  6. The right to data portability
  7. The right to object
  8. Rights in relation to automated decision making and profiling.

Our GDPR Policy can be found here.

Click here for the School Privacy Notice.

The "Right of access" allows you to make a subject access request regarding the information the school holds about parents, pupils and staff. Please click here for further details.

If you click here you can visit the ICO’s GDPR website to read in depth information about all aspects of GDPR.

There are 6 key principles to the GDPR that the school is accountable for:

  • There must be a lawful reason for collecting personal data and it must be done in a fair and transparent way.
  • Data must only be used for the reason it is initially obtained.
  • No more data than is necessary should be collected.
  • Data has to be accurate and there must be mechanisms in place to keep it up to date.
  • Data should not be retained for longer than is necessary.
  • The protection of personal data must be upheld.

Carden has developed a comprehensive GDPR Data Protection Policy for all staff working in our school. All staff are trained annually and sign to agree full compliance. Our Data Manager is Helen Longton-Howorth.

The school's Data Protection Officer is Nigel Watson, Deputy Head of Coldean Primary School.

This is a list of the data processors used by the school with links to their GDPR compliance policies/statements.

(Please note that links are being updated when the processors have completed their GDPR documentation.)

  • CPOMS (Online pupil behaviour and child protection records)
  • EVOLVE (Online portal to record details of Educational Visits made by pupils)
  • MyMaths (Online maths homework activities with individual pupil logins)
  • ParentPay (Online payment account for school meals, after-school clubs and educational visits/visitors)
  • Scholarpack (Management Information System)
  • Sumdog (Online maths number facts/skills activities with individual pupil logins)
  • Tapestry (Online Learning Journals for pupils in Nursery and Reception classes
  • Teachers2parents (Texting service)
  • Webanywhere (Website provider)