Skip to content ↓


This refers to the General Data Protection Regulation, originally EU legislation which has been taken into UK law and should be viewed alongside the Data Protection Act 2018 to provide a comprehensive picture of data protection legislation in the UK. 

GDPR legislation is designed to harmonise data privacy laws across Europe, as well as give greater protection and rights to individuals. With the introduction of GDPR there are significant additional protections for the public. The legislation identifies specific responsibilities for businesses and public bodies that handle personal information to ensure that data protection is considered whenever there is a requirement to process personal information. In essence, data protection legislation is about protecting personal data, and ensuring that individuals are aware of what data is being processed and how it is used. It gives individuals greater control and say over how their personal data is used by companies and public bodies.

GDPR defines personal data as:

Any information relating to an identified or identifiable person (known as a data subject).

An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an ID number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.

GDPR at Decoy Community Primary School

You can view our full Data Protection Policy below, including how to raise a subject access request and speak to our data protection officer if you have any concerns about how we handle and process your information.