Data Protection / GDPR


What is the General Data Protection Regulation? (GDPR)

The GDPR is a new regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union, aiming to give control back to citizens and residents over their personal data.

The GDPR comes into effect from 25th May 2018.


Taking data security and privacy seriously

At Bromley Pensnett Primary School and drb Ignite Multi Academy Trust, we take data security and privacy extremely seriously and believe that the GDPR is an important step forward for clarifying and enabling individual privacy rights, as such we are committed to maintaining compliance with the GDPR.

We are undertaking a comprehensive GDPR audits to ensure the data handling best practice is being followed by our staff.

We also have updated a number of key documents that cover in detail how we handle and manage data:

Thank you for trusting us and please be assured that we will always take the security and privacy of your data very seriously.

If you have questions regarding data protection and GDPR, please do not hesitate to contact me at Alvin Walters at


Data Protection Officer

The Data Protection Officer for drb Ignite Multi Academy Trust is Alvin Walters. For enquiries please contact him at .

Freedom of Information

The Freedom of Information Act 2000 gives the public right of access to information produced in the course of the Trust’s work.

There are exemptions to this right. In particular, data about living, identifiable people (‘personal data’) continues to be covered by the Data Protection Act and is not generally publicly available except to the “subject” of the data – that is, the person whom the data is about.

Under the Freedom of Information Act, drb Ignite Multi Academy Trust will publish all the documents which the Trust will make public as a matter of routine.

If the information you are looking for is not available on our website, you can make a request for the information you require in writing, or by email to the Data Protection Officer, Alvin Walters at


Privacy Notices


Consent Forms

Consent is one of six lawful bases to process personal data. ‘Consent’ under the General Data Protection Regulations (GDPR) has a particular meaning; it should always be freely given, specific, informed and an unambiguous indication of an individual’s wishes with regard to the processing of their personal information.

  • Parental Consent Form

  • Withdrawal of Consent Form


Subject Access Requests

Individuals have the right to request access to the information we hold about them.

If you want to make a subject access request, please download and complete the following:

  • Subject Access Request Form

Please email the completed Subject Access Request to the Data Protection Officer at

As part of our GDPR obligations we will:

  • Provide the information free of charge

  • Comply within 1 month of the request.

  • Provide the information in a commonly used electronic format.