The General Data Protection Regulation (GDPR) came into effect on 25th May 2018 and, alongside the UK Data Protection Act, sets out how personal information must be managed and protected. At Reintegreat Education Solutions, we are fully committed to complying with GDPR and the latest statutory guidance to ensure the personal data of our students, families, staff, and stakeholders is handled lawfully, fairly, and securely.

​

What Does GDPR Mean for Schools?

​

Schools process large amounts of personal data every day, including information about pupils, parents/carers, and staff. Much of this processing is carried out under the lawful basis of being “in the public interest”—as it is essential for schools to operate effectively. This means that in most cases, specific consent is not required for the school to process data.

​

However, GDPR gives individuals greater rights and control over their data. For example:

​

• Consent is required for any activity outside the school’s core business (e.g. using photos on promotional materials, working with third-party providers beyond educational needs).

• Transparency means we must explain clearly how data is collected, stored, used, and shared.

• Accountability means we must demonstrate how we comply with the law, including having the right policies, systems, and contracts in place.
   

Our GDPR Commitments
 

At Reintegreat, we ensure GDPR and Data Protection compliance through the following measures:

​

• Data Protection Officer (DPO): We have appointed a DPO who oversees compliance, provides advice, and acts as the point of contact with the ICO (Information Commissioner’s Office).

• Privacy Notices: We provide clear privacy notices to parents, carers, staff, and learners, explaining how and why we collect and use personal data.

• Secure Systems: All personal information is stored and processed using secure systems with restricted access, ensuring data confidentiality and integrity.

• Third-Party Suppliers: We only work with GDPR-compliant third parties. Legally binding contracts are in place outlining what data is processed, by whom, and how it is safeguarded.

• Training: All staff receive training in data protection and safeguarding responsibilities.

• Data Breach Procedures: In line with legal requirements, any data breach likely to affect an individual’s rights or freedoms will be reported to the ICO within 72 hours and, where necessary, the affected individuals will be informed.

• Rights of Individuals: Parents, carers, staff, and learners have the right to request access to their personal data, request corrections, restrict processing, or ask for deletion where appropriate.
  ​

Keeping Data Safe

​

Protecting personal information is central to safeguarding. At Reintegreat, we regularly review our policies and practices to make sure they meet the latest GDPR and data protection requirements. Our approach is guided by three key principles:
 

• Transparency – clear information about how data is used

• Security – robust systems to protect personal data

• Accountability – strong governance and oversight at every level
   

Copies of our Data Protection Policy and Privacy Notices are available upon request.