General Data Protection Regulations (GDPR)

Following the Data Protection Act 1998, the new General Data Protection Regulation (GDPR) 2018 came into force on 25 May 2018. It applies to anyone who processes, stores or is the subject of personal data.

In collecting, using, storing and disposing of data, The Evolve Trust will comply with the requirements of the GDPR that govern the processing of personal data.

What is a personal data breach?  

A security incident that has affected the confidentiality, integrity or availability of personal data, examples below:

  • USB sticks being lost or stolen
  • Sending confidential attachments containing personal data to the wrong email recipient
  • A computer virus which wipes a hard drive which has not been backed up
  • An attack into our IT network where there are files containing personal data which have been accessed
  • Accidental disclosure of student records
  • A staff member accidentally sending an email to pupils in year 9 rather than to teaching staff of year 9

Suspect a Data Breach?

If there has been an incident which resulted in a potential breach of personal data, it is imperative that it is reported immediately.

In most cases it is not necessary for the trust to file a report with the ICO, and the incident (often called a 'near miss') can be managed internally, however, it is important that this decision is made by the Data Breach Committee.

If you are unsure if the incident is indeed a breach, it would be best to submit a report anyway, for the Committee to review.

If you suspect a potential breach, please download and complete the Data Breach Report Form and return it to as soon as possible.

Data Breach Report Form

Please include as much detail as possible so that, if required, action can be taken immediately following receipt of the report. 


Alex Walker is the Data Protection Officer for The Evolve Trust. Alex can be contacted via email for any help and guidance needed around GDPR (

Subject Access Requests

Subject access requests to be forwarded to

Privacy Statements

Privacy Notice - Pupil Friendly

Privacy Notice for Third Parties

Privacy Notice for the School Workforce

Privacy Notice for Pupils and Their Families

Privacy Notice for Prospective Employees