The UK General Data Protection Regulations (UK GDPR) are data protection regulations that build upon the Data Protection Act of 2018.

The UK GDPR require public authorities and businesses to identify the lawful basis for storing personal data, audit information we already hold and take a 'data protection by design and default' approach to personal data.

We take data protection very seriously at The Giles Nursery and Infants' School. In line with UK GDPR requirements, we have appointed a Data Protection Officer, Herts for Learning to oversee our approach to data management and protection.

In order to comply with the regulation, we regularly review our policies and practices.

To learn more about the General Data Protection Regulation, please visit the Information Commissioner's Office website on http://ico.org.uk

Subject Access Requests

For full details about subject access requests, please see our school policy below.

As a matter of course, requests submitted prior to any holiday period will be responded to within the required timescales. However, the school is conscious of the fact the ability to service such requests may be made more complex by staff absence.

Should a holiday close down period severely affect the school's ability to facilitate the production of the required information, the requester will be notified and the school may extend the period of compliance by a further two months. As school post is held during holiday periods until staff return to the premises, requesters should send their requests by email to the DPO at dpo@gilesinfants.herts.sch.uk to enable us to comply with the request within the necessary time frame.

Requests made during school closures, principally the summer holiday period, should be made by email to the DPO and will not be actioned until staff return and the identification of the requester has been made.