Skip to content ↓



The UK GDPR came into force on 1st January 2021, when the EU GDPR was enacted into UK law after Brexit. The UK GDPR reflects all the contents of the EU GDPR, which was introduced in May 2018.

GDPR gives enhanced rights to individuals, and greater responsibilities for organisations (including schools). We have increased our transparency and accountability and ensure that we are complying with the principles of GDPR when processing personal data.

You can read more about the principles here: ico. Data Protection Principles

We have taken the following actions:

  • Appointed a Data Protection Officer to advise the school and monitor our compliance
  • Trained all new and existing staff in data protection and reminded them of their responsibility to keep personal data safe.
  • Considered our lawful basis under UK GDPR for processing your personal data, and when we will require your consent
  • Completed an audit of all the data we are processing in school, to comply with Article 30 of UK GDPR
  • Published privacy notices to inform you of how we use your personal data
  • Updated our Data Protection policy
  • Reviewed our procedures for data collection and retention, to ensure they are compliant with UK GDPR – we follow the advice of the Information and Records Management Schools Toolkit here Schools Toolkit
  • Logged all data breaches, and considered whether they require notification to the Information Commissioner’s Office

Please see: Oaklands School Policies and Privacy Notices

If you have any questions about how the school is complying with the law, please contact our Data Protection Office at