Message sent from:


Data Protection

The Data Protection Act 1998 was replaced by the General Data Protection Regulation (GDPR) and Data Protection Act 2018 on the 25th May 2018. GDPR brings with it a new responsibility to inform parents and stakeholders about how we are using personal data and who it is being used by.

Data Controller

Attain Academy Trust is registered as a ‘Data Controller’ with the Information Commissioner’s Office (Reg. No. Z6544921).

Our Data Protection Officer is Mrs Ellwood

What does GDPR mean for the Trust?

GDPR requires organisations to identify the lawful basis for processing and storing personal data, to audit information already held and to take a ‘data protection by design and default’ approach to personal data. It also introduces new individual rights relating to personal data.

At Attain Academy Partnership, we take our GDPR obligations seriously. We will ensure that your personal data is processed fairly and lawfully, is accurate, is kept secure and is retained for no longer than is necessary. Our pupils, parents, carers, staff, governance members and stakeholders have the right to be right to be informed, to object, to rectification, to erasure, to restrict processing and to data portability.

A great deal of the processing of personal data undertaken by the schools will fall under the specific legal basis ‘in the public interest’. As it is in the public interest to operate schools successfully, specific consent will not be required in the majority of cases in schools. Explicit consent must be given however to anything that isn’t within the normal business of the school, especially if it involves a third party.

If you have any queries, please get in touch with our Data Protection Officer, who can be contacted at dpo@attain.essex.sch.uk.

Hit enter to search