Bourne Primary School


Privacy and the General Data Protection Requirement

The 25th May 2018 marked the enforcement of the General Data Protection Regulation (GDPR). The GDPR replaced the Data Protection Act 1998 and is designed to strengthen the safety and security of all data held within an organisation, and make sure processing and storage procedures are consistent.

Bourne School is working to ensure that we meet this new regulation.

First and foremost, it is important that you understand your rights under the GDPR. You have the right to:

  • Be informed about how we use your personal data.
  • Request access to the personal data that the school holds.
  • Request that your personal data is amended if it is inaccurate or incomplete.
  • Request that your personal data is erased where there is no compelling reason for its continued processing.
  • Request that the processing of your data is restricted.
  • Object to your personal data being processed in some cases.

Privacy Notices

Information is contained in our new Privacy Notices. There are Privacy Notices for:

Before you give consent to anything, it is vital that you have read and understood the privacy notice, as the school wants to ensure that you understand what we are doing with your data and that you know we are acting legally.


The scho ol will have to comply with the GDPR, by having effective policies in place. These are the policies connected with the GDPR.

Data Breaches

A data breach notification duty is applied to all schools, and those that are likely to cause damage, e.g. identity theft, have to be reported to the Information Commissioner’s Office within 72 hours – failure to do so can result in a fine. A data protection impact assessment will be completed, which will likely be carried out when using new technologies and the processing is likely to result in a high risk to the rights and freedoms of individuals.

One of the biggest changes has been in terms of consent; consent must be a ‘positive indication’, which means that it has to be opted into, clear and unambiguous. Any consent given under the Data Protection Act 1998 will be reviewed and re-obtained if necessary. This means the school may have to ask for you to consent to things again.

Data Protection Officer

All schools are required to appoint a data protection officer (DPO). At Bourne, we have bought into the East Sussex service for our DPO, and contact details for the team can be found below.


As a school we do not place any cookies on your computer, but one essential function (Google Translate) uses what is known as a third party cookie. We consider this essential to our website and as such it is permitted. If we were to block it, we could not offer the service.

Finally, If you have any questions, concerns or would like more information about anything mentioned on this page, please contact the Information Governance Team for East Sussex County Council and is contactable on 01273 337610. Alternatively, you can contact the ICO on 0303 123 1113 or you can visit their Guide to the General Data Protection Regulation webpage.