The General Data Protection Regulation (GDPR) sets out requirements for how schools and organisations handle personal data. It ensures a balance between an individual’s rights to privacy and the lawful processing of personal data. The GDPR protects the rights of individuals about whom data is obtained, stored, processed or supplied and requires that schools and organisations take appropriate security measures against unauthorised access, alteration, disclosure or destruction of personal data.
At Cansfield we shall collect, process and share personal data fairly and lawfully and for specified purposes, and only when we have a specified purpose for processing personal data and special category of data as set out in the GDPR. We shall review the purposes of the processing activity and select the most appropriate lawful basis for that processing. The GDPR policies set out how we handle the personal data of our pupils, parents, suppliers, employees, workers and other third parties.
See the following policies in About Us / Policies for more information:
- CCTV Policy
- Data Breach Policy
- Data Protection Policy
- Data Retention Policy
- Electronic Information and Communications Policy
- Freedom of Information Policy and Publication Scheme
- Information Security Policy
- Privacy Notice for Governors
- Privacy Notice for Job Applicants
- Privacy Notice for Pupils and Parents
- Privacy Notice for Staff
- Privacy Notice for Visitors and Contractors
- Subject Access Request Policy