GDPR (General Data Protection Regulation)

Baldersby St James school aims to ensure that all personal data collected about staff, pupils, families, governors, visitors and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill.  

The Information Policy applies to information in all forms including, but not limited to:

  • Hard copy or documents printed or written on paper;
  • Information or data stored electronically, including scanned images;
  • Communications sent by post/courier or using electronic means such as email, fax or electronic file transfer;
  • Information or data stored on or transferred to removable media such as tape, CD, DVD, USB storage device or memory card;
  • Information stored on portable computing devices including mobile phones, tablets, cameras and laptops;
  • Speech, voice recordings and verbal communications, including voicemail;
  • Published web content, for example intranet and internet;
  • Photographs and other digital images.  

​Our School’s policy meets the requirements of the GDPR and the expected provisions of the DPA 2018. It is based on guidance published by the Information Commissioner’s Office (ICO) on the GDPR and the ICO’s code of practice for subject access requests. In addition, this policy complies with regulation 5 of the Education (Pupil Information) (England) Regulations 2005, which gives families the right of access to their child’s educational record. 

BSJ Publication Scheme

HLTY Data Protection Policy

HLTY Freedom of Information

HLTY Privacy Notice Families

HLTY Privacy Notice Students

HLTY SAR Policy Procedures