St Elizabeth Catholic School

General Data Protection Regulations (GDPR)

St Elizabeth School strives to meet the standards set out in the GDPR and the Data Protection act 2018.

Data Protection Act 1998: How we use pupil information

Who do we share pupil’s information with?

• Schools or colleges that the pupils attend after leaving us
• Our local authority and their commissioned providers of local authority services
• The Department of Education (DfE)

Storing pupil Information
At St Elizabeth we keep information about your child on our computer systems and also sometimes on paper.
We hold your child’s education records securely. Any essential records on an individual child follow them through their education establishments. St Elizabeth holds a record of the schools each child has moved to.
There are strict controls on who can see your information. The school protects all data and will pay particular attention to the security of especially sensitive data. Parents will be asked for their consent for the school to process some specific data (such as photographs).

The National Pupil Database (NPD)
The NDP is owned and managed by the Department for Education and contains information about pupils in schools in England. It provides invaluable evidence on educational performance to inform independent research, as well as studies commissioned by the Department. It is held in electronic format for statistical purposes. This information is securely collected from a range of sources including schools, local authorities and awarding bodies.
We are required by law, to provide information about our pupils to the DfE as part of statutory data collections such as the School Census and Early Years’ Census. Some of this information is then stored in the NPD. The law that allows this is the Education (Information About Individual Pupils) (England) Regulations 2013.
To find out more about the pupil information we share with the Department of Education, for the purpose of data collections, go to

The Department of Education may share information about our pupils from the NPD with third parties who promote the education or well-being of children in England by:
• Conducting research or analysis
• Producing statistics
• Providing information, advice or guidance

The Department of Education has robust processes in place to ensure the confidentiality of our data is maintained and there are stringent controls in place regarding access and use of the data. Decisions on whether DfE releases data to third parties are subject to a strict approval process and based on a detailed assessment of:
• Who is requesting the data
• The purpose for which it is required
• The level and sensitivity of data requested and
• The arrangements in place to store and handle the data

To be granted access to pupil information, organisations must comply with strict terms and conditions covering the confidentiality and handling of the data, security arrangements and retention and use of the data.
For more information about the Department of Education’s data sharing process, please visit:

For information about which organisations the Department of Education has provided pupil information, (and for which project), please visit the following website:
Requesting access to your personal data
Under data protection legislation, parents have the right to request access to information about themselves or their child that we hold. To make a request for your personal information, or be given access to your child’s educational record, please contact the school office or the Headteacher. The school will, on an annual basis, share individual Data Collection Sheets with you in order to ensure that our records are accurate and up to date. We request that these are returned promptly and that school is advised of any changes as soon as possible.

You also have the right to:
• Object to processing of personal data that is likely to cause, or is causing, damage or distress
• Prevent processing for the purpose of direct marketing
• Object to decisions being taken by automated means
• In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and
• Claim compensation for damages caused by a breach of the Data Protection regulations

If you should have a concern about the way we are collecting or using your personal data, you should raise your concern with us in the first instance or directly to the Information Commissioner’s Office at

Personal Data Breaches
The GDPR requires the School to notify any applicable personal data breach to the Information Commissioner’s Office (ICO) within 72 hours. 

If you know or suspect that a personal data breach has occurred, immediately contact the person designated as the key point of contact for personal data breaches (Headteacher: Ms Angelina John).

The Data Protection Officer is responsible for overseeing data protection within the School so if you do have any questions in this regard, please do contact them on the information below:

School Data Protection Officer: School Business Manager/HR Officer

Data Protection Officer: Craig Stilwell

Company: Judicium Consulting Ltd Address: 72 Cannon Street, London, EC4N 6AE



Telephone: 0203 326 9174

Data Breach Policy draft View
Data Protection Policy draft View
Information Security Policy draft View

Designed By Pupilocity Ltd.