Pen Mill Infant and Nursery Academy

Strong foundations, greater opportunities.

Our child centred, language rich curriculum will enable every pupil to maximize their potential. They will recognise their strengths, develop a love for learning and be fully prepared for the next stage of their journey.



The UK GDPR came into force on 1st January 2021, when the EU GDPR was enacted into UK law after Brexit. The UK GDPR reflects all the contents of the EU GDPR, which was introduced in May 2018.

GDPR gives enhanced rights to individuals, and greater responsibilities for organisations (including schools). We have increased our transparency and accountability, and ensure that we are complying with the principles of GDPR when processing personal data.

You can read more about the principles here:

We at Pen Mill Infant and Nursery Academy have taken the following actions:

  • Appointed a Data Protection Officer to advise the school and monitor our compliance
  • Trained all new and existing staff in data protection and reminded them of their responsibility to keep personal data safe
  • Considered our lawful basis under UK GDPR for processing your personal data, and when we will require your consent
  • Completed an audit of all the data we are processing in school, to comply with Article 30 of UK GDPR (Record of Processing Activities)
  • Published privacy notices to inform you of how we use your personal data (link to privacy notices)
  • Updated our Data Protection policy (link to policy)
  • Reviewed our procedures for data collection and retention, to ensure they are compliant with UK GDPR – we follow the advice of the Information and Records Management Schools Toolkit here
  • Logged all data breaches, and considered whether they require notification to the Information Commissioner’s Office


If you have any questions about how the school is complying with the law, please contact our Data Protection Office at