office@kcsp.org.uk
01622 232
662
Data Protection
The Trust's Data Protection Officer is Charlotte Robinson, for any Data Protection related questions or queries that you do not find an answer to below, please contact the DPO team at DPO@kcsp.org.uk / 01622 232 662 .
ICO Registration:
The Trust and its schools are registered with the ICO, our registration number is: ZA000294.
ICO Registration Certificate
DP Lead Update - May 2025- recording
DP Lead meeting: PowerPoint presentations
DP Lead update session May 2025.pdf
DP Lead and update and next steps May 2024.pdf
Data Protection Booklet September 2024.pdf
Data Protection Booklet September 2024 - CANVA version ppsx
GDPR Training requirements for all Trust employees and governance committee members:
GDPR
The Trust's online GDPR Training courses are held within the GDPRis system; new employee GDPRis accounts are created in school by the school DP Lead admin contact. Course's are entitled 'Data Protection Essential', and are tailored for specific job roles, i.e, Teaching, Site Manager, Office Admin, Catering. All new employees must complete a relevant 'Data Protection Essential online course, module 1 and module 2, as part of their induction. GDPR training must then be refreshed by all employees on an annual basis.
Cyber Security
Cyber Security training is a requirement for all staff at point of induction, renewable on an annual basis. Training is held within the GDPRis system: NCSC Training Course for all schools: all staff C250028. Evidence of training MUST be kept for verification in the event of a cyber security incident.
LGC members will be invited to complete the same, relevant, training courses by the Governance team; LGC clerks will support completion and compliance on an ongoing basis.
How to manage a Data Breach:
What you need to do if your school receives a Data Subject Access Request (DSAR):
By law, people can ask you for a copy of any information that’s to do with them. It might be saved on a school or Trust system, but if it’s about them, it’s their personal data, and they have a right to see it. If they ask you for a copy of it, by phone, in person, or in writing, they have made a ‘data subject access request’ (DSAR), and you need to take action.
It is likely that any DSAR received will be from a current or former pupil or their parent/carer/ representative. Please record the request on the GDPRis system, or notify your school Data protection lead, and follow the advised steps to complete the request.
We have one calendar month to get what you need together and send it to the relevant person. We may also need to check the requestor's ID or ask for other information, and we need to do this as soon as possible.
Please email dpo@kcsp.org.uk if you need additional advice or call on 01622 232662
DSAR template letters
1a DSAR confirmation of receipt letter - school.docx
What you need to do if your school receives a Freedom of Information Request (FOI):
Anyone has a right to request information from a public authority. The Trust and its schools have two separate duties when responding to these requests:
to tell the applicant whether we hold any information falling within the scope of their request; and
to provide that information
We normally have 20 school days to respond to a request.
For a request to be valid under the Freedom of Information Act it must be in writing, but requesters do not have to mention the Act or direct their request to a designated member of staff. Any letter or email to the school or to the Trust asking for information from the school/s is a request for recorded information under the Act.
Please advise the Trust's DPO of the request as soon as you receive it; they will then advise you what you need to do next and by when to fulfil the FOI.
Data Protection and GDPR
Policies & Privacy Notices