What is the GDPR?

The GDPR is a set of guidelines for the collection and processing of personal information of individuals within the EU and is effective in the UK from 25 May 2018 – replacing the Data Protection Act (DPA) 1998.

Accountability and governance

Under the GDPR, schools are expected to have comprehensive and proportionate governance measures in place to minimise the risk of data breaches. Schools should:
• Implement internal data protection policies, e.g. staff training
• Maintain relevant documentation and processing activities.
• Appoint an appropriate DPO.
• Implement measures that meet the principles of data protection by de-fault, including data minimisation and transparency.
• Use data protection impact assessments where appropriate.


The DPO for St Luke Academies Trust is Nathalie Young
Any questions that you have regarding the GDPR can be directed to Nathalie using nathalie.young@st-luke-at.co.uk or 01536 203251

Please click on the links below for more information and to view these policies.

Data Breach Procedure

GDPR_Information Leaflet

GDPR Policy

Governor Director Privacy Notice


Pupil and Family Privacy Notice

SLAT Workforce Privacy Notice

School Workforce privacy notice