Skip to content ↓


The school collects, holds and uses a great deal of information about individuals, particularly students and adults connected with the school.  From 25 May 2018, the Data Protection Act (DPA) was replaced by the General Data Protection Regulation (GDPR). Under the Regulation (EU) 2016/679 (GDPR); data that can be used to identify a natural living person is called ‘personal data’.  The regulation puts in place numerous safeguards for the use of personal data.

Under the GDPR, the data protection principles set out the main responsibilities for organisations:

Welling School has a statutory duty to comply with the requirements of GDPR as it collects data about students and adults associated with the school for school business.  The school is also required to produce a Privacy Notice explaining how information is collected and processed. 

Information about your rights under GDPR can be found on the Information Commissioner’s website.  The following TKAT link has an information video on the new regulations and provides access to the organisations Privacy Notices.

All of the information we hold on individuals follow the six key principles of the GDPR:

  1. Fair, lawful and transparent
  2. Collected for specified, explicit and legitimate purposes
  3. Adequate, relevant and limited to what is necessary
  4. Accurate, and where necessary, kept up to date
  5. Kept in a form which permits identification for no longer than necessary
  6. Processed in a manner that ensures appropriate security

TKAT data subject access request procedure
This form should be completed and returned to Mr M Barrett, Director of Business -

To report a GDPR breach please contact the school -