UK GDPR – General Data Protection Regulation

The Data Protection Act 2018 came into force on 25th May 2018 in the UK. The Act implements the General Data Protection Regulation (now UK General Data Protection Act) in national law. The UK GDPR has 2 key objectives:

  1. To facilitate a free movement of data by creating a consistent data protection regime across the Union.
  2. To provide a framework that more accurately reflects how we use data today and therefore better protect the rights and freedoms of individuals.

Data subject rights

At its core, the UK GDPR is about ensuring the privacy of the individual. The UK GDPR provides data subjects with 8 rights that they may exercise when their personal data is being processed; these rights support the individual’s overarching right to privacy in their private life. These rights include:

Right to be informed: Data subjects should expect to know the identify and contact details of the controller and their representative; why and how your data is being processed; if your data will be shared or passed on; how long your data will be stored; and what your rights are. This information is reflected in the Trust’s Privacy Notices.

Right to access: Data subjects have the right to obtain a copy of your personal data as well as to understand how and why your data is being used. This is commonly known as a Subject Access Request.

Right to object to automated decision making, including profiling: Where rights apply, data subjects can obtain human intervention; express your point of view; and obtain an explanation of the decision and challenge it. The right does not apply if the processing is required to fulfil a contract; has been authorised by member state law; or is based on explicit consent.

Right to object: Data subjects can object to us using your information in certain circumstances (please refer to the UK GDPR for the circumstances). This does not apply when we have lawful bases for processing your data, such as legal obligation or to protect the vital interests of a person.

Right to data portability: This right is not absolute. It allows data subjects to obtain/reuse your personal data for your own purposes across different services where data is processed by automated means; the right only applies to information you have provided to a controller. The processing has to be based on consent or where it is necessary to fulfil a contract.

Right to restriction: Data subjects can request that the processing of their data be restricted if one of the conditions set out in Article 18 applies (please refer to the UK GDPR for the conditions).

Right to erasure: Data subjects can request deletion of the data held about you, but only in certain circumstances, including if the data is no longer necessary for the purposes for which it was collected; if you withdraw consent on which the processing is based and where there is no other legal ground for the processing or you object to the processing and there are no overriding legitimate grounds for the processing; or if the data has been unlawfully processed, is to be erased for compliance with a legal obligation or has been collected in relation to the offer of information society services.

Right to rectification: Data subjects have the right to request that your information is updated to be made accurate, in the event where information held by us may no longer be accurate (such as your address). You also have the right to rectification when information we hold about you is incomplete, such as where the digit of a phone number is missing.

To exercise these rights, where they apply, please contact us through any of the means indicated on our Contact page.

Lawful basis for processing

The lawful bases Tarka Learning Partnership rely on when handling personal data include, but are not limited to:

  • legal obligations;
  • vital interests;
  • public interests;
  • contract;
  • consent.

Right to withdraw consent

If the Trust has used consent as the lawful basis for processing your data, you have the right to withdraw this consent at any time. To exercise this right, please contact the GDPR Lead via any of the means indicated on our Contact page.

Use of the website

The Tarka Learning Partnership website exists to provide you with information about the Trust. You do not have to provide us with any personal information to access the website.

The vast majority of personal information we hold about you via the website will be obtained if you contact us by email, phone or post using the contact details given on our website. We will ensure that all personal data you supply to us is held in accordance with data protection law.

Our website uses cookies. Please refer to our cookies statement for information relating to what type of cookies we use, website consent and how to enable/disable and delete cookies.

Data Protection Policy 

The Tarka Learning Partnership is committed to a policy of protecting the rights and privacy of individuals in accordance with the Data Protection Act 2018. Our Data Protection Policy can be found on our Policies page.

Privacy Notices

The Tarka Learning Partnership is open and transparent about how personal data will be used. Please see our Privacy Notices for details via our Privacy Notices page.

Data Protection Officer (DPO)

The DPO is responsible for monitoring compliance with the UK General Data Protection Regulation. The DPO is also the central point of contact for the Information Commissioner’s Office (ICO) and all data subjects in relation to matters of data protection and subject access requests.

Tarka Learning Partnership’s Data Protection Officer is John Walker. John’s contact details are:

John Walker
J A Walker, Solicitor
Office 7, The Courtyard
Gaulby Lane


Telephone: 03337 729763

Data Protection Breach & Non Compliance Procedure

Tarka Learning Partnership’s data breach and non compliance procedure can be found here.

Our data breach management flowchart can be found here.

Subject Access Requests

For details of how to request information through a Subject Access Request, please refer to our Subject Access Requests page.

Freedom of Information Requests

For details of how to request information through a Freedom of Information request, please refer to our Freedom of Information page.

Right to lodge a complaint with the Information Commissioner’s Office (ICO) or another supervisory authority

If you believe the Trust has acted otherwise than in accordance with the UK GDPR, we would like to hear from you. You have the right to lodge a complaint with the Information Commissioner’s Officer (ICO) / 0303 123 1113.

Tarka Learning Partnership’s ICO Registration Certificate is available on request.


For any data protection queries, please contact TLP’s Information and Governance Leader on

Please find contact details for GDPR Leads within each TLP school:

Eden Park Academy – Andrea Turnbull

Landkey Community Primary Academy – Sam Piper

Sticklepath Community Primary Academy– Emma Williams

Newport Community School Primary Academy – Wendy Ainscough

The Park Community School –Nic Upson

North Molton Primary School – Louise Gear

Roundswell Community Primary Academy –Emma Stubbs

Fremington Primary School – Emma Gilroy