Skip to content ↓

St. Cross Catholic Primary School

“Together we grow in God’s love”


 GDPR - General Data Protection Regulations

From 25th May 2018, the General Data Protection Regulation, which is often referred to as the “GDPR”, replaced the DPA (1998).  Although many of the principles have remained the same as the DPA 1998, there have been some important changes.

The GDPR require public authorities and businesses to identify the lawful basis for storing personal data, audit information we already hold and take a ‘data protection by design and default’ approach to personal data.    

Our Data Protection Officer is: 

Mrs Hollie Drake. If you would like to contact the DPO please email 

In order to ensure that we comply with the regulations, we have a number of policies and notices available in school and on our school website.


Please note: the personal data of employees, parents or visitors to school may be shared with NHS/Public Health Agencies as required for the response to the Covid pandemic.

On entrance to the school, you will be asked to provide your contact details and time and date of arrival and departure.
St Cross Catholic Primary School will hold records for 21 days. This reflects the incubation period for COVID-19 (which can be up to 14 days) and an additional 7 days to allow time for testing and tracing. After 21 days, this information will be securely disposed of.



Please see our draft policies below, currently being reviewed by Governors.