Home Page


At OPJS we are committed to ensuring we do the right thing for our Governors, our families, our students, our staff and the third parties we work with. Verified by a locall aw firm, we are focussed on ensuring our processes can be evidenced to demonstrate compliance.

We know that complete GDPR compliance can only be achieved through a collaborative and transparent approach and we also want to ensure that this is comprehensive and complete.

We have been working on the following:

  • Identification of a Data Protection Officer
  • Data mapping and Data Asset Register
  • Embedding data privacy into all our processes
  • Information security risk
  • Third party risk and our data partners
  • Responding to individual complaints and data subject access requests (DSARs)
  • Data Privacy Breach procedures
  • Ongoing monitoring


What have we done?

  • We have started to roll out new PAT and OPJS GDPR privacy notices.
  • We have published a new PAT and OPJS GDPR/Data Protection Policy
  • We have ensured that all processing of data done in school complies with GDPR
  • We have undergone an Information Governance Health Check Report


There are six lawful processing conditions:

  • Compliance with a legal obligation
  • Performance of a contract
  • Legitimate interest
  • Public interest
  • Vital interest
  • Consent

Data privacy is discussed at each Governing Body meeting and regularly reviewed by senior leaders within school.

OPJS's named Data Protection Officers (DPO) David Goucher (Headteacher) and Mary Chapman (School Business Manager) and the DPO Link Governor is Katie Payne.

Both the Headteacher and School Business Manager will lead the teams in school, helping embed data privacy into operations whilst also monitoring activity on an ongoing basis. The DPO Link Governor will oversee this work and act as an auditor and critical friend. There will be regular training for all staff to ensure a deeper level of understanding, allowing them to identify any risks and stop them from happening.


Find below the PAT and OPJS Privacy Notices as well as GDPR/Data Protection policies.