Skip to content

Data protection background

The new EU data protection law, called the General Data Protection Regulation (EU Regulation 2016/679) (the ‘GDPR’), came into force on 25 May 2018 and replaced the Data Protection Act 1998 in its entirety. Dr Kait Baxter (‘the educational psychologist’) is committed to protecting and respecting your privacy and is the data controller for the information collected. My contact details can be found on my website, This Policy explains how the educational psychologist uses your personal data: how it is collected, how it is held, and how it is processed. It also explains your rights under the law relating to your personal data. Personal data is defined by the GDPR as, ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. This includes contact information that is used to communicate with individuals and organisations, as well as client confidential data collected or generated by the educational psychologist. Further information about data protection law can be found by contacting the Information Commissioner’s Office (ICO)

Why is personal information collected by the educational psychologist?

Personal information is collected to deliver an educational psychology service that has been commissioned by a parent, school, or other education setting. Informed consent will be obtained before any data is collected, processed or stored. The specific work carried out will vary according to the child/young person’s individual needs and the concerns being explored.

The educational psychologist has a legitimate interest to collect personal information about a child/young person and where appropriate parents/carers. This information is gathered for the purpose of forming a professional opinion or psychological formulation. In so doing, the educational psychologist only collects information that is relevant to the purpose of undertaking that work and the associated reporting and advising. 

What personal information is collected?

Personal information is only obtained with written consent from parents/carers/legal guardians.

The educational psychologist will collect personal information including the name of the child/young person, date of birth, gender, contact address and telephone number. Educational psychology assessments often involve the processing of special category data, including information about health, educational achievements, cognitive functioning, personality, interests, and family history. 

Personal information about a child/young person may be obtained from a third party, including their school/education setting and other professionals/agencies (e.g. health services). This might include school reports and assessment data.

How is information collected, processed, stored, and shared?

For how long will personal information be stored?

All personal and sensitive data will be stored securely until the child/young person turns 25 years of age. In their 25th year, the electronic folder and any remaining paper records will be deleted/destroyed. 

Will you share data with anyone else?

If another party (e.g., the police, social care) has requested access to your data, I will ask for your consent to share information and outline who they are, what they will do with your data, and why they have asked for it. You have the right to say no to this request. In two specific situations, I do not need to ask permission to share your data. These are: if there is a risk to your child’s vital interests, or if I have a legal obligation to share the data. 

What happens to data if I were to die?

In the event of my unexpected death, all pupil data will be confidentially destroyed by the appointed executor.

Your rights in relation to your data

You have the right to access information and/or records that the educational psychologist holds about you. You can make a ‘subject access request’ (SAR) by contacting the Data Protection Officer (Dr Kait Baxter) in writing.

Client access to records will be restricted to information about themselves, or a child they are the parent/legal guardian of. Restrictions will apply when disclosure would violate the child/young person’s vital interests.

There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover administrative costs in responding.

The educational psychologist will respond to your subject access request within one month of receipt. Normally, the educational psychologist will provide a complete response, including a copy of your personal information within that time. In some cases, however, particularly if your request is more complex, more time may be required, up to a maximum of three months from the date received.

​​Under article 17 of the GDPR, individuals have the right to have personal information erased. This is known as the ‘right to be forgotten’. This right is not absolute and only applies in specific circumstances. In each situation, the educational psychologist will decide what information should be deleted and what data may need to be retained, for example to defend professional practice or meet other regulatory requirements. This will be based on the protection of the child/young person’s vital interests.

Data breach procedure

Any data breaches will be reported to the Information Commissioner’s Office (ICO) and the data subject(s) within 72 hours of the educational psychologist becoming aware of the breach.

Contact details

To contact the educational psychologist about anything to do with your personal information and data protection, including to make a subject access request, please use the following email address and include the following: For the attention of Dr Kait Baxter, Educational Psychologist / Data Controller)

Changes to this policy

This Data Protection Policy is regularly reviewed. It may be necessary to update or amend this policy from time to time, for example if the law changes or if the educational psychology service delivery changes in a way that affects personal data protection.

Written: August 2023

Next review date: August 2024

Get in touch

If you would like to get in touch about working with us, please fill in an enquiry form by clicking the button below