Data Protection


The General Data Protection Regulations (GDPR) is a European Directive that was brought into UK law as part of the updated Data Protection Act (DPA) in May 2018.
The GDPR and new DPA exist to look after an individual’s data. It is a series of safeguards for every individual. Information about individuals needs to be treated with respect and be secure.

To understand how the Academy collects and uses data, please read the Privacy Notices.


The Academy will seek consent from staff, volunteers, pupils, parents and carers to collect and process their data. It will be clear about the reasons for requesting the data and how it will be used. There are contractual, statutory and regulatory occasions when consent is not required.
However, in most cases data will only be processed if explicit consent has been obtained.
Consent is defined by the GDPR as “any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her”.

Consent and Renewal

On the Academy website there are ‘Privacy Notices’ that explain how data is collected and used. It is important to read those notices as it explains how data is used in detail. Obtaining clear consent and ensuring that the consent remains in place and accurate, is important for the Academy.