Skip to content ↓
Tapscott Learning Trust

Tapscott Learning Trust

Data Protection

The Tapscott Learning Trust is committed to comply with all the relevant data protection laws in respect of personal data, and protecting the “rights and freedoms” of individuals whose information the schools collects about staff, pupils, parents, governors, visitors and other individuals. These are stored and processed in accordance with the General Data Protection Regulation (GDPR) and the expected provisions of the Data Protection Act 2018 (DPA 2018) as set out in the Data Protection Bill.

To that end, schools within the Trust have developed, implemented, maintains and continuously improves a documented personal information management system (PIMS) in each school. The scope of PIMS takes into account the school structure, management responsibility, jurisdiction and geography. Each school's objectives for PIMS is that it should enable the school to meet its own requirements for the management of personal information; that it should support school objectives and obligations; that it should impose controls in line with the schools' acceptable level of risk; that it should ensure that the school meets applicable statutory, regulatory, contractual and/or professional duties; and that it should protect the interests of individuals and other key stakeholders.

In meeting PIMS, this policy applies to all personal data of natural persons, regardless of whether it is on paper or electronic format.

Legislation and Guidance

The TTLT Data Protection Policy meets the requirements of the GDPR and the expected provisions of the DPA 2018. It is based on guidance published by the Information Commissioner's Office (ICO) on the GDPR, alongside the guides to GDPR, including Preparing for the General Data Protection Regulation (GDPR) 12 Steps to Take Now, and the ICO's code of practice for subject access requests.

It also reflects the ICO's code of practice for the use of surveillance cameras and personal information.

This policy complies with regulation 5 of the Education (Pupil Information) (England) Regulations 2005, which gives parents the right of access to their child's educational record. Due regard to this is given to the following legislations: The Freedom of Information and Data Protection (Appropriate Limit and Fees) Regulations (2004) and The School Standards and Framework Act (1998).


The Trust is committed to complying with data protection legislation and good practice including:

  • processing personal information only where this is strictly necessary for legitimate organisational purposes;

  • collecting only the minimum personal information required for these purposes and not processing excessive personal information;  

  • providing clear information to individuals about how their personal information will be used and by whom;

  • only processing relevant and adequate personal information;

  • processing personal information fairly and lawfully;

  • maintaining an inventory of the categories of personal information processed by the school;

  • keeping personal information accurate and, where necessary, up to date;

  • retaining personal information only for as long as is necessary for legal or regulatory reasons or, for legitimate organisational purposes;

  • respecting individuals' rights in relation to their personal information, including their right of subject access;

  • keeping all personal information secure;

  • only transferring personal information outside the EU in circumstances where it can be adequately protected;

  • the application of the various exemptions allowable by data protection legislation;

  • developing and implementing a PIMS to enable the policy to be implemented

  • where appropriate, identifying internal and external stakeholders and the degree to which these stakeholders are involved in the governance of the school's PIMS;

  • the identification of employees with specific responsibility and accountability for the PIMS; and

  • carry out an annual audit of General Data Protection

The TTLT Data Protection Policy includes all of the necessary privacy notices that gives information on how we will process data of individuals. Please see below the TTLT Data Protection Policy attached.

The TTLT Data Protection Officers (DPO) are responsible for overseeing the implementation of monitoring our compliance with data protection law, and developing related policies and guidelines where applicable.

The Data Protection Officers are below and their contact details can be found on the links below:

Shazidur Rahman

Swasthi Mahabeer

Shella Lawrenson

Femi Otukoya

Rohan Allen

Taz Mansuria

The Tapscott Learning Trust, Atlas Road, London E13 0AG
020 3108 0326