01536 710175

Mrs Jo Sail

Main Street, Loddington
Kettering, NN14 1LA

Data Protection governs how information about living people (such as pupils and staff) is collected and used. 

GDPR is about personal data. This means that data which relates to an individual who can be identified from that information. It does not affect all the records the school or academy trust holds because much of it will not contain personal data. 

GDPR became law on 25 May 2018. It has a number of changes from the previous Data Protection Act. The mian new feature of data protection under the GDPR is an accountability principle, meaning that the organisation does not only have to comply, but it has to be able to demonstarate that it complies. 

The Information Commissioner's Office (ICO) is the national regulator of data protection legislation. If there is something that we, as an academy trust, are doing that is not quite as it should be a complaint can be made to the ICO. 

N.B. the ICO website is a key place to find further information on GDPR. Here is the link: 

Loddington C of E Primary School is part of Peterborough Diocese Eucation Trust (PDET) and therefore PDET is the Data Controller and responsible for compliance under GDPR. 

PDET has audited all of its schools/academies and is repsonisble for creating and maintaining a Record of Processing Activities (RPA). 

Th RPA is a list of the main types of information the Trust has (and this, therefore, includes all the information schools in the Trust have), stating key details about the data, such as: 

  • Why we have it
  • What it is used for
  • Where it is stored
  • Who it is shared with (if it is)
  • How long we keep it for

Privacy Notices 

Privacy Notices are what we use to explain to people why we collect information and what we are going to do with it, such as if we are going to share it with anyone else.  

Data Protection Officer (DPO)

GDPR makes it a requirement for all public authorities (including schools) and large organisations to have a deignated DPO. Our school DPO is Joanne Sail. PDET's DPO can be contacted at  

Procedures for individuals to exercise their rights

The GDPR gives individuals various rights around their data. The main one is being able to request a copy of the informtion held about them, but it also gives them the right to do things like request that informaion is corrected (if inaccurate). 


PDET has prepared the following policies for GDPR:

  • Combined Data Protection & Freedom of Information Policy
  • Records Retention Policy
  • Privacy Notice - Pupils/Parents
  • Photographs

These policies have been adopted by the school and are available on the side bar. 

Rights Of Individuals

Individuals have the following rights:

  • Rights of access (to receive copies of their personal data)
  • Right to retification (correcting data if inaccurate)
  • Right to erase (to request that data is deleted)
  • Right to restrict processing (to request you do not use their data ina certain way)
  • Right to data portability
  • Right to object
  • Right to have explained if there will be any automated decision-making, including profiling, based on the data and that they have the right to meaningful information about the logic behind this.  


Data Protection & GDPR Files