Skip to content ↓


As you may be aware, the regulations for Data Protection will be changing on the 25th May 2018, replaced by the General Data Protection Regulations (GDPR). This new regulation will affect all schools, businesses, organisations and other establishments that use and process personal information.

What does GDPR mean for schools?

For schools, GDPR brings a new responsibility to inform parents and stakeholders about how they are using pupils’ data and who it is being used by.

Under GDPR, consent must be given to anything that isn’t within the normal business of the school, especially if it involves a third party managing the data. Parents (or the pupil themselves, depending on their age) must give consent for the data to be used outside the normal business of the school.

Schools must ensure that their third party suppliers who may process any of their data is GDPR compliant and must have legally binding contracts with any company that processes any personal data. These contracts must cover what data is being processed, who it is being processed by, who has access to it and how it is protected.

At Greenfield school, we are required to hold a range of information about your child in order to support them during their time with us. This is for a variety of different reasons, including supporting individual needs, monitoring the progress of individual pupils and securing the safety of our pupils.  

The safe processing and ongoing protection of your child’s personal information is part of our aim of establishing effective safeguarding processes. We have a number of processes in place to ensure that the guidance outlined in the GDPR (2018) is fully implemented within the running of our school.

For more information about the data that we hold, why the school requires this data and what the school does with this data, please read the documents below.