What is the UK GDPR?

The UK General Data Protection Regulation (UK GDPR) works with the Data Protection Act 2018 (DPA 2018) to form the UK's data protection framework.

It determines how people’s personal data is processed and kept safe, and the legal rights individuals have over their own data. 

The UK adopted the EU GDPR in 2018, but since the UK's withdrawal from the EU it has used its own version, known as the UK GDPR. 

How has Brexit changed the UK's data protection laws? 

In January 2021, the EU GDPR was incorporated into UK legislation as the 'UK GDPR' (by this piece of legislation).

The key principles, rights and obligations remain the same as before, but there were some amendments, predominantly around international transfers of data. 

The DfE published guidance to help education providers stay compliant with these changes, which you can find here.

This legislation affects all of us and no doubt your own work places will also be making the required changes. We ask parents to support the changes being made to school systems to help easily facilitate the secure transfer and processing of information by:

  • Reading the privacy notices
  • Responding to the consent/permission request sent out by email and confirming your preferences through the Survey Monkey form. Please see below for more information
  • Dowloading the Parent App to keep us informed of any changes securely, see below for more information.
  • Letting us know if there are any changes to the consent preferences.


Privacy Notices

Below you will find our new privacy notices, which explain in detail what information we will need from you, why it is needed, how it will be stored, who we share it with (if this is required) and how long it will be kept for. It also explains your rights regarding consent. 


As a school we are required to collect certain information in order to carry out our core functions of providing education and ensuring the wellbeing and welfare of the children. We do this on the legal basis that we are required to, as an authority, and therefore require no further permission to do this.  There are areas however where we do require your permission to use the information you have given us for activities other than our core functions. These include extra curricular activities, Parent Association events, Alumni events amongst others. For these additional activities we will seek your specific consent to use your information, this must be freely given, informed and unambiguous.

Through the new legislation parents have enhanced rights regarding the information held on their child, these are explained in more detail in the newsletter at the bottom of this article. In order to meet these additional rights we have teamed up with Arbor who manage our pupil data to provide parents with the Parent Portal, we are encouraging all parents to download the app when the invitation comes out.  If you haven't already done this we will send periodic reminders with your log in details. 


For further information on GDPR see the newsletter below.

How long we keep information for 

The school has a Data Retention Policy which informs how long we retain information for.  This can be found below.  

Data Protection Officer 

The Data Protection Officer is responsible for overseeing the data protection within the school so if you have any questions in this regard, please do contact them on the information below:-

Data Protection Officer : Judicium Consulting Limited

Address: 72 Cannon Street, London EC4N 6AE

Email: dataservices@judicium.com

Web: judiciumeducation.co.uk

Telephone: 0203 326 9174

Lead Contact: Craig Stilwell





© Copyright 2017–2024 Corpus Christi Catholic School

School & College Websites by Schudio