Data Protection (GDPR)

Data Protection and General Data Protection Regulations (GDPR)
We live in a data-driven world. Almost every transaction and interaction you have with most organisations involves you sharing personal data, such as your name, address and birth date. You share data online too, every time you visit a website, search for or buy something, use social media or send an email.

Sharing data helps make life easier, more convenient and connected. But your data is your data. It belongs to you so it’s important your data is used only in ways you would reasonably expect, and that it stays safe. Data protection law makes sure everyone’s data is used properly and legally.

Personal Data
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people. The GDPR applies to both automated personal data and to manual filing systems where personal data is accessible.

How does The Heathland Whitefriars Federation protect Personal Data?
Under GDPR, the data protection principles set out the main responsibilities for organisations to help keep data safe. The Federation has appropriate systems, policies and procedures in place to enable us to comply with our data protection responsibilities to keep personal data safe.

Privacy Notices

Requests for Information
The Federation will follow legislative guidance when dealing with Data Subject Access Requests.

Please refer to the Information Commissioner’s Office guidance on Accessing pupils’ information.

How to make a request to see information about you?
If you wish to request information we hold about you, please complete the Data Subject Access Form found on the link below and send it to or

Any request in writing from the individual (Data Subject) will be considered a valid request, whatever the format, as long as it contains the relevant information to enable us to deal with your request.

How to make a request to see information on behalf of someone else?
If you are requesting information on behalf of someone else you must complete the Data Subject Access Request Form and provide written evidence that you have the Data Subject’s authority to ask for the information on their behalf, e.g. signature on the Data Subject Access Form, a letter written by them, evidence of Power of Attorney, etc.

Data Subject Access Request Form – Available here

How do you provide your identity?
If you are not known to the school, we may ask to see proof of your identity. The following forms of identity will be accepted as proof of identity:

Will you be charged for information provided?
The school will follow guidance within current Data Protection legislation in relation to charges for information.

What do you do if the data is incorrect?
Please contact the school to tell them what is incorrect and ask for it to be corrected. You can also appeal to the Information Commissioner if the school does not correct the information.

We take any complaints about our collection and use of personal information very seriously. If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about our data processing, please raise this with us in the first instance.

To make a complaint, please contact our Head of Operations. Should you feel that the matter has not been resolved, please contact the Data Protection Officer.

Data Protection Officer
The Data Protection Officer is responsible for overseeing data protection within the School.

Judicium Consulting Limited
Address: 72 Cannon Street, London, EC4N 6AE
Telephone: 0203 326 9174
Lead Contact: Craig Stilwell

Alternatively, you can make a complaint to the Information Commissioner’s Office:

Report a concern online at:

Call: 0303 123 1113

Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF


The Information Commissioner’s Office (ICO)
The Heathland Whitefriars Federation is registered with the Information Commissioner’s Office (ICO) under Registration Number: ZA072271

The ICO remains the independent supervisory body regarding the UK’s data protection legislation.

Please click here for further information from the Information Commissioner’s Office

The Federation reviews data protection arrangements regularly to ensure compliance with the General Data Protection Regulations introduced in May 2018.

On 28 June 2021, the EU approved adequacy decisions for the EU GDPR and the Law Enforcement Directive (LED). This means data can continue to flow as it did before, in the majority of circumstances. Both decisions are expected to last until 27 June 2025.

The General Data Protection Regulation has been kept in UK law as the UK GDPR.