About Us



The General Data Protection Regulation (GDPR) sets out requirements for how schools and organisations handle personal data.  It ensures a balance between an individual’s rights to privacy and the lawful processing of personal data. The GDPR protects the rights of individuals about whom data is obtained, stored, processed or supplied and requires that schools and organisations take appropriate security measures against unauthorised access, alteration, disclosure or destruction of personal data.

At Cansfield we shall collect, process and share personal data fairly and lawfully and for specified purposes, and only when we have a specified purpose for processing personal data and special category of data as set out in the GDPR.  We shall review the purposes of the processing activity and select the most appropriate lawful basis for that processing.  The GDPR policies set out how we handle the personal data of our pupils, parents, suppliers, employees, workers and other third parties.

See the following policies in About Us / Policies for more information:

  • CCTV Policy
  • Data Breach Policy
  • Data Protection Policy
  • Data Retention Policy
  • Electronic Information and Communications Policy
  • Freedom of Information Policy and Publication Scheme
  • Information Security Policy
  • Subject Access Request Policy


Privacy Notice for Pupils and Parents