GDPR / Privacy Notices

Updated: Thu 3 Feb 2022   Share: Share on facebookShare on TwitterShare on MySpaceShare by Email

General Data Protection Regulation

GDPR Summary

On the 25th May 2018, the General Data Protection Regulations (GDPR) came into force in the UK.  These new data protection regulations build upon the Data Protection Act of 1998.

The GDPR requires public authorities and businesses to identify the lawful basis for storing personal data, audit information we already hold and take a ‘data protection by design and default’ approach to personal data. In line with GDPR requirements, we have appointed a Data Protection Officer, Mr Griffiths, to oversee our approach to data management and protection.

In order to ensure that we comply with the new regulations, we are reviewing our current policies and practices. We have already updated our privacy notices in line with the new requirements.

As part of this compliance process, we will be seeking to update the consent, where necessary, that we have previously received from parents and students over the coming weeks.   The new regulations are clear that consent must be up-to-date and clearly recorded.  From now on, lack of response cannot be interpreted as implied consent.

To learn more about the General Data Protection Regulation, please visit the Information Commissioner’s Office website on

Why does this matter to The Bishop’s Stortford High School?


As a school, we handle a large volume of personal data on a day-to-day basis it is therefore extremely important that we are all aware and ready for the introduction of the new legislation.

How will The Bishop’s Stortford High School achieve compliance?

The school is currently undertaking a data assessment to fully understand our existing personal data processing activities to ensure we reach compliance.

We are:

  • Actively engaging with our external suppliers to ensure they are working towards GDPR compliance.
  • Carrying out necessary Privacy Impact Assessments.
  • Reviewing our activities and associated policies and procedures as necessary to fully comply with GDPR following a thorough assessment.

Personal Data Types

GDPR and other data protection laws rely on the term ‘personal data’ to discuss information about individuals. There are two key types of personal data in the UK and they cover different categories of information.

What is Personal Data?

Personal data can be anything that allows a living person to be directly or indirectly identified. This may be a name, an address, or even an IP address. It includes automated personal data and can also encompass pseudonymised data if a person can be identified from it.

What is sensitive to personal data?

GDPR calls sensitive personal data as being in ‘special categories’ of information. These include trade union membership, religious beliefs, political opinions, racial information, and sexual orientation.

GDPR Support

If you have any further questions, please contact and we will endeavour to respond at the earliest opportunity

Privacy Notices

These can be viewed by following the links below. These explain our procedures and explain how we obtain data, how we store and use it and in some instances whom we share it with.