General Data Protection Regulation (GDPR)


What is GDPR?

The General Data Protection Regulation (GDPR) came into effect on 25th May 2018. The new regulations brought higher standards for handling personal data and greater expectations for improved transparency, enhanced data security and increased accountability for the processing of personal data.

Rivington Primary School has a legal duty to comply with the requirements of the GDPR. The legislation brings with it the responsibility to inform parents and stakeholders about how we are using pupils' data and who it is being used by.


What does GDPR mean for schools?

A great deal of the processing of personal data undertaken by the school falls under the specific lawful basis of ‘legal obligation’ or 'public task', which means that specific ‘consent’ will not be required in the majority of cases in schools.

In limited circumstances, we will obtain your consent; for example, if we want to place photographs of pupils on our website, in the newspaper or on social media. Where you do consent to us collecting and using personal information, you have a right to withdraw your consent at any time.

The school must ensure that their third party suppliers who may process any of their data are GDPR compliant.

It is a requirement that data breaches which are likely to have a detrimental effect on the data subject are reported to the Information Commissioners Office (ICO), the regulator for all matters relating to data protection within 72 hours of discovery.

Here at Rivington we have always valued and protected our pupils, parents and staff personal data and continue to do so in the presence of GDPR.


The school has an appointed Data Protection Officer (DPO) :

HY Education

2nd Floor (East Wing)

Sandbrook House


OL11 1RY


They can be contacted by telephone 0161 543 8884 or by email at [email protected]


Further information about the legislation can be found on the ICO website at

Student Login