FREE All Saints Barnet iPhone & Android App
Baku images

General Data Protection Regulations (GDPR)

On the 25th May 2018 the General Data Protection Regulation (GDPR) came into force. The GDPR works in tandem with the Data Protection Act 2018 and is designed to strengthen the safety and security of all data held within an organisation, and make sure processing and storage procedures are consistent. It is important that you understand your rights under the GDPR; you have the right to:


  • Be informed about how we use your personal data.
  • Request access to the personal data that the school holds.
  • Request that your personal data is amended if it is inaccurate or incomplete.
  • Request that your personal data is erased where there is no compelling reason for its continued processing.
  • Request that the processing of your data is restricted.
  • Object to your personal data being processed.


The GDPR will result in changes for the school, meaning that the school will have to prove compliance with the GDPR, by having effective policies in place. There are also changes to the rights that individuals have, such as the right to have your information erased.


Privacy notices must also include new information, such as an individual’s right to complain to the Information Commissioner’s Officer (ICO). The GDPR takes into account the information of children too: parental consent is needed for children up to the age of 13, at which point, the child may be able to consent for themselves.


A data breach notification duty is applied to all schools, and those that are likely to cause damage, e.g. identity theft, have to be reported to the ICO within 72 hours – failure to do so can result in a fine. A data protection impact assessment will be completed, which will likely be carried out when using new technologies and the processing is likely to result in a high risk to the rights and freedoms of individuals.


One of the biggest changes has been in terms of consent; consent must be a ‘positive indication’, which means that it has to be opted into, clear and unambiguous. Any parental consent given to the school under the Data Protection Act 1998 has been reviewed and we have asked all our parents/carers to complete and return a multi-purpose consent form. Parental consents not covered by the multi-purpose consent form may be requested and we will ensure that we ask for your consent as it becomes appropriate to do so.


We are pleased to be able to announce that we have appointed a committee of governors to take responsibility for working with the school on GDPR. This committee will focus on monitoring the school’s policies and procedures to ensure compliance with the new GDPR legislation and report to the full governing body. In 2017, the committee started an audit of all school held data to ensure its compliance with GDPR. The aim of this audit is to be able to fully confirm that the school has:


  • A registered Data Protection Officer.
  • Embedded GDPR requirements into policies and day-to-day activities.
  • Implemented technical measures to ensure GDPR compliance.
  • Documented and recorded compliance measures.
  • Scheduled comprehensive internal training for GDPR compliance.
  • Audited data protection measures with audit results used to implement compliance.


Please read the school’s privacy notices posted on this website. It is important that you read and understand the privacy notices, as the school wants to ensure that you know what we are doing with your data and that you know we are acting legally. In the coming weeks the school will be publishing a range of GDPR documents. Consent forms and data caption forms will also be updated and republished. This page will be used to host all documents as they are written and revised in line with the GDPR.


Schools are required to appoint a data protection officer (DPO). The DPO for All Saints' is Claire Mehegan. She can be contacted via the school or via email: 


During May 2018 a letter was sent to all parents and carers explaining the school's privacy notices. Included with the letter was a copy of the Images & Video Consent Form. For copies of the documents, click on the links below.


Letter to Parents & Carers: GDPR

Privacy Notice for Parents, Carers & Pupils

Images & Video Consent Form


The documents listed below have been written in line with new GDPR guidelines. They are based on documents created by the London Diocesan Board for Schools. Further documents will be added as they are ratified by the Governing Body.


Data Protection Policy

Freedom of Information Scheme

Breach Management Policy


If you have any questions about GDPR, you can contact the ICO on 0303 123 1113 or you can visit their 'Guide to the GDPR' webpage by clicking here.


For a link to our cookie policy and website disclaimer, click here.

For school related data protection enquiries, please email: