Straits Primary School aims to ensure that all personal data collected about staff, pupils, parents, governors, visitors and other individuals is collected, stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill.

GDPR is based on data protection principles that our school must comply with.

The principles say that personal data must be:

• Processed lawfully, fairly and in a transparent manner.
• Collected for specified, explicit and legitimate purposes.
• Adequate, relevant and limited to what is necessary to fulfil the purposes for which it is processed.
• Accurate and, where necessary, kept up to date.
• Kept for no longer than is necessary for the purposes for which it is processed.
• Processed in a way that ensures it is appropriately secure

Straits Primary School processes personal data relating to parents, pupils, staff, governors, visitors and others, and therefore is a data controller. The school is registered as a data controller with the ICO and will renew this registration annually or as otherwise legally required. This applies to all personal data, regardless of whether it is in paper or electronic format.