Ormiston Victory Academy Join us for the voyage

01603 742310

Email us

Middleton Crescent




Ofsted Outstanding School 2012 | 2013

GDPR and Data Protection

Data Controller

Ormiston Academies Trust is the organisation which is in charge of personal information – Data Controller.

The postal address of the Academy Trust is:

Ormiston Academies Trust

Ormiston House

144, Newall Street


B3 1RY

The Data Protection Officer (DPO) for the Trust is James Miller. He can be contacted via dpo@ormistonacademies.co.uk / 0121 262 4725

The Data Protection Lead (DPL) at the Academy is Teresa Smith – Director of Finance & Operations.

Data Protection Policies

Privacy Notice for Pupils

Data Protection and FOI Policy

Records Retention Policy 

General Data Protection Regulation (GDPR)


On 25th May 2018, the General Data Protection Regulation (GDPR) will become law in all European member states, including the United Kingdom who will still be a member at that time.

The new Regulation will replace the Data Protection Act 1998 (DPA) which was developed at a time when most data processing was still paper-based. There was also a limited understanding of the impact that technology would have on the way we process data.

The purpose of the GDPR is to:

  • harmonise the EU’s laws surrounding data protection
  • protect all EU citizens’ data privacy
  • re-shape the way organisations across the region approach data privacy

In drafting it, the EU’s aim was to design it as a living document and future-proof the wording. They have also made it ‘technology neutral’ which means that the same regulatory principles apply regardless of the technology used.

If you hold information which falls within the scope of the Data Protection Act 1998, it will also fall within the scope of GDPR. The GDPR principles are similar to the DPA, but there is a new accountability requirement – you will have to demonstrate how you comply.


The following terminology will be used in this course.

Data subject means the person whose personal data is being processed.

Personal data means any information relating to a natural person or data subject that can be used directly or indirectly to identify the person. It can be anything from a name, a photo, an email address, bank details, posts on social networking sites or a computer IP address. Sensitive personal data includes information about racial or ethnic origin, political opinions, medical information and genetic and biometric data where it is used to uniquely identify an individual.

Data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is to be rocessed.

Data processor, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Processing information or data means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:

  • organising, adapting or altering it
  • retrieving, consulting or using the information or data
  • disclosing the information or data by transmission, dissemination or otherwise making it available
  • aligning, combining, blocking, erasing or destroying the information or data


Victory Achieves Stonewall Champion Schools Silver Award

Posted: 09.01.20

Having been awarded the Stonewall Bronze Award in December 2018, we are now thrilled that Victory’s continuing commitment to the

read more

Admissions Policy 2021-22 Consultation

Posted: 02.10.19

We are now consulting on our Admissions Policy for 2021-22. Details can be found here.

read more

SEND Family Roadshow

Posted: 25.09.19

read more

Translate »