GDPR - General Data Protection Regulations

Dear Parent/Guardian,


On the 25th May 2018, the General Data Protection Regulations (GDPR) comes into force in the UK.  These are new data protection regulations built upon the Data Protection Act of 1998.


The GDPR require public authorities and businesses to identify the lawful basis for storing personal data, audit information we already hold and take a ‘data protection by design and default’ approach to personal data.  


We take data protection very seriously at St Nicholas School.   In line with GDPR requirements, we have appointed a Data Protection Officer (DPO), his name is Richard Maskrey and his contact details will follow shortly. We also have a Deputy Data Protection Officer/Data Manager (DDPO), Mrs Brinded, in school for day to day queries you may have. Both our DPO and DDPO will oversee our approach to data management and protection. 


In order to ensure that we comply with the new regulations, we are reviewing our current policies and practices. 


As part of this compliance process, we are also seeking to update the consent forms we have received from parents and pupils.   The new regulations are clear that consent must be up-to-date and clearly recorded.  From now on, lack of response cannot be interpreted as implied consent.  More information regarding this will follow shortly.


To learn more about the General Data Protection Regulation, please visit the Information Commissioner’s Office website on