Data Protection

The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 took effect on 25 May 2018, replacing the Data Protection Act (DPA) 1998. The legislation exists to safeguard every individual’s data. Data refers to any information that relates to a living person that identifies them. This can be by name, address or phone number, for example.

In order to operate effectively, Friesland School and The Two Counties Trust has to collect, process and retain information about people which may include current, past and prospective pupils, parents / carers, members of the public, staff, suppliers, volunteers and governors. This information must be kept secure and within the law.

Schools / academies have to collect sensitive data to meet Department for Education (DfE) and Local Authority requirements amongst others, and student data may contain information about safeguarding, Special Educational Needs or health needs. Information about other family members may also be held within school/ academy records.

For further information, including the Trust’s privacy notices, data protection policies and procedures, how to make a subject access request and information regarding withdrawal of consent, please click the link below.

Data Protection and the GDPR – January 2021

As the UK transitional arrangements expired on 31 December 2020, there are some practical changes for Data Protection and the GDPR. To comply with the Data Protection, Privacy and Electronic Communications (Amendments etc) (EU Exit) Regulations 2019 please note that every policy, notice and procedural guide that refers to ‘GDPR’ shall now be read as ‘UK GDPR’. The rights, responsibilities and data protection that the Data Protection Act 2018 and the GDPR are not changed. Our procedures and arrangements will not change.


Liz Hails, Office Manager, is our Data Protection Co-ordinator for Friesland School.

Please email with any data protection related enquiries and subject access requests.