Data Protection and Privacy

Data Protection and Privacy

At Tanfield School we take the protection of your data and privacy very seriously. The new General Data Protection Regulation (GDPR) comes in to force on 25th May 2018. We are committed to complying with all relevant EU and Member State laws in respect of personal data, and the protection of the rights and freedoms of individuals whose information we collect and process in accordance with the GDPR.

Who is responsible for personal data?

As a school, we act as a data controller and as such define how and why personal data is collected, stored, and used. We also utilise data processors – third parties that process the data we control on our behalf. As a data controller we must comply with the new regulation, as well as ensuring any data processors we use also comply.

Complying with the GDPR

Here at Tanfield School we achieve compliance by ensuring personal data is processed lawfully, transparently, and for a specific purpose. Once the purpose is fulfilled and the data is no longer required it will be deleted as defined within our Record Retention Schedule.

We are registered with the Information Commissioner's Office (ICO) as a data processor under the registration number Z9863300.

We currently have a variety of security measures in place to ensure personal data is protected, including:

  • advanced network protection, such as anti-virus and firewall solutions
  • regular data backup
  • automated suspicious activity detection and logging
  • tailored digital access permissions
  • physical protection, such as door access control and secure storage facilities

Additionally, our staff have access to certain personal data in order to carry out their duties and we therefore provide regular data protection training to ensure policies and procedures are being followed.

How you can help

As part of our preparation for GDPR we have ascertained the legal bases for processing data, some of which relies on consent. It is important that you return any consent forms to us as a matter of urgency so that we can continue to run certain systems. We rely on consent, for example, to provide pupils access to our biometric catering system. Whilst failure to return consent will not stop your child from using our catering facilities, it will mean they will not be able to use biometrics to do so. If you need a consent form please find it in the data protection documents and policies section below.

We respect the data rights of all our pupils but appreciate this can be a confusing subject for young people. We have created a privacy notice using language tailored to meet the needs of our younger pupils, which can be found in the data protection documents and policies section below. We would like to invite you to take this opportunity to read the relevant policies and discuss these with your child to help aid their understanding.

Subject access requests

If you would like to make a subject access request please view the relevant privacy notice below describing how you can do so.

Get in touch with us

If you have any further questions about how the GDPR affects you or your child, or how our school is working within the requirements of the GDPR, please don’t hesitate to contact our DPO at

Data protection documents and policies