What is the General Data Protection Regulation?

The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data.

 GDPR came into effect from 25th May 2018.

Taking data security and privacy seriously

At Cradley C of E, we take data security and privacy extremely seriously and believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights, as such we are committed to maintaining compliance with the GDPR.

We undertake comprehensive GDPR audits to ensure that data handling best practice is being followed by our staff. 

Data Protection Officer

YourIG Data Protection Officer Service

Dudley MBC

The Council House

Dudley

West Midlands

DY1 1HF

Email:  YourIGDPOService@dudley.gov.uk

 

Data Retention Periods for Primary Schools

Pupil Records (General): Until the pupil leaves primary school and moves to secondary, or until the child turns 25 (commonly used to ensure covering statutory periods).

Admissions Registers: Permanently (or minimum 3 years from last entry).

Attendance Registers: 3 years from the date of the last entry.

Special Educational Needs (SEND) Files: Until the child turns 25.

Child Protection/Safeguarding Files: Transferred to the next school, or if retained, kept until the child turns 25.

Governing Body Minutes/Reports: Permanent or 6 years, then archived.

Staff Personnel Records: 6 years after employment ends, or 7 years for staff over 50.

Financial Records: 6 years from the end of the tax year.

Privacy Notices

• Privacy Notice 2026 - Pupil Information
• Privacy Notice 2026 - Workforce
• Privacy Notice 2026 - Governors and Volunteers
• Privacy Notice 2026 - Recruitment