Posted on by

GDPR (General Data Protection Regulations) 

The General Data Protection Regulation replaces the Data Protection Act; which is designed to strengthen and unify the safety and security of all data held within an organisation.


The data protection principles are:

  • personal data processed fairly and lawfully
  • personal data obtained for one or more lawful purposes
  • personal data shall be adequate and up to date
  • personal data shall be adequate, relevant and not excessive
  • personal data shall not be kept longer than necessary
  • personal data shall be processed in accordance with the acvt
  • technical and organisational measures shall be taken against unauthorised processing
  • personal data shall not be passed outside the EEA unless that country ensures adequate level of protection for the rights and freedoms of the data subjects

We have a new Privacy Notice to meet the requirements of the  GDPR.

You also have the right to:

  • object to processing of personal data that is likely to cause, or is causing, damage or distress
  • prevent processing for the purpose of direct marketing
  • object to decisions being taken by automated means
  • in certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
  • claim compensation for damages caused by a breach of the Data Protection regulations

If you have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at
If you would like to discuss anything in this privacy notice, please contact: Amy Brittan, School Data Protection Officer, Somerset LA –