Walton Oak School

Walton Oak Primary School
Staff login
Life at Walton Oak School Life at Walton Oak School Life at Walton Oak School Life at Walton Oak School Life at Walton Oak School Life at Walton Oak School Life at Walton Oak School


The General Data Protection Regulation (GDPR) took effect from 25th May 2018. Walton Oak School has developed a number of new notices and policies regarding the processing of personal data to comply with this new legislation. Key policies are available below.Declaration of Compliance

GDPR impacts every organisation with over 250 employees which holds or processes personal data: Walton Oak School is categorised as a “data controller” under the new legislation, as we collect, record, hold, and process personal data relevant to our pupils, staff and other individuals. The new legislation introduces new responsibilities for data controllers, including the need to demonstrate compliance and more stringent enforcement of data protection. It also introduces new rights and protections for EU data subjects.

Walton Oak School is committed to high standards of information security, privacy and transparency. We place a high priority and importance on protecting and managing data in accordance with Article 6 and Article 9 of the GDPR accepted standards.

To ensure we deliver best practice, our programme of compliance includes:

  • Policy development: we have an updated control framework and specific privacy notices to incorporate GDPR obligations for the wide number of individuals for whom we collect, use and hold data.
  • Data collection and consent: we have a Data Protection Policy, a Subject Access Request Policy and Privacy Notices for Parents, Carers and Staff, explaining the purposes for which data is collected and processes to ensure data subject consent is given freely and for specific purposes.
  • Review of legal basis for collection of data: we have reviewed the basis on which we are lawfully allowed to collect and process data under Article 6 of the GDPR, where it is necessarily to fulfil Walton Oak’s legal and statutory obligations or to protect the vital interests of the data subject.
  • Data inventory and audit: we have Document Retention and Breach Management policies. In 2018 we have undertaken (and will continue to do so at regular intervals) a systematic review of the way in which we store, manage, maintain, collect, process and control data. This includes offline storage and paper records. We reviewed information flow, any data transfers, risk reviews and our compliance with the expectations of the legislation as regards lawfulness, accuracy, consent, confidentiality, record keeping and accountability.
  • Training and awareness: we have undertaken staff training across the school to ensure that staff are aware of the impact of GDPR on policies, procedures, and responsibilities of all staff and stakeholders in this new regime.
  • Relationships with third party suppliers: we are working with our third party suppliers as both as data controller and processor to address GDPR compliance. Where relevant and related, we will be using all reasonable endeavours to ensure that our third party and suppliers are complying with the GDPR.
  • Technology and storage capacity: we are reviewing our technology platforms and physical storage facilities to analyse their operation, security and compliance in order to ensure that they meet GDPR standards.

Our Data Protection Officer is Robert Bullett. He can be contacted by email at robert.bullett@london.anglican.org. The Data Protection Officer will inform, advise and monitor compliance at Walton Oak School at all times through regular audits.

Walton Oak School’s Data Manager is the School Business Manager, who can be contacted by email at bursar@oak.surrey.sch.uk or by telephone on 01932 259604. The Data Manager will implement tools as appropriate that support the process, provide necessary security and ongoing delivery of GDPR objectives.

Related Policies: