The General Data Protection Regulation (GDPR) came into force in the UK in 2018. The GDPR require public authorities and businesses to identify the lawful basis for processing personal data, audit information we already hold and take a ‘data protection by design and default’ approach to personal data. The school Data Protection Policy can be found here.
Crabtree Infants' School collects data and information about our pupils so that we can run effectively as a school and support our statutory functions. The GDPR privacy notice for pupils can be found here. This explains how and why we collect pupils’ data, what we do with it, and what rights parents and pupils have, including the right to request access to information about them that we hold (“Subject Access Request”).
The GDPR privacy notice for parents/carers can be found here.
Crabtree Academy Trust is the Data Controller and our Data Protection Officer is Mr Phil Kendall who oversees our approach to data management and protection.
For any enquiries for the Data Protection Officer, please contact in the first instance by email DPO@crabtreejm.herts.sch.uk