At Osborne Co-operative Academy Trust, we are committed to protecting personal information. Our values—like equality, honesty, and caring for others—guide how we work every day. This includes how we handle the personal data of students, parents, staff, and others connected to our schools.
Data protection is not just a rule—it’s a legal duty. It helps us protect people’s rights and make sure any personal data we collect is used safely and correctly.
This article explains the key rules in our Data Protection Policy in simple words, so everyone can understand how to stay compliant.
Why Data Protection Matters
Protecting personal information is very important. It helps keep people safe from identity theft, misuse of their information, or unfair treatment. Whether you’re a teacher, admin staff, or volunteer, following the rules keeps everyone’s data secure and builds trust in our schools.
Key Rules Everyone Must Follow
We’ve broken down the main rules into simple points so everyone can follow them easily.
Follow the Law
Everyone must follow the Data Protection Act 2018 and the Human Rights Act when handling personal information. These laws protect people’s privacy.
Keep People Informed
Whenever we collect personal data, we must give people a clear and up-to-date Privacy Notice. This tells them what we’re doing with their data.
Assess Risks Before Making Changes
If we’re starting something new that uses personal data, we must check how it affects people’s privacy before going ahead.
Only Use What’s Needed
Only collect and use the minimum amount of personal data needed to get the job done.
Be Careful With Opinions
When writing down opinions or comments about students, parents, or colleagues, make sure it’s done professionally and respectfully.
Keep Data Accurate
We must always try to keep information correct and up to date.
Get Consent When Needed
Only use personal data with consent if there’s no legal reason to do it otherwise. And remember—if we’re using it for marketing, consent is a must.
Reconfirm Consent Regularly
Consent needs to be renewed at the end of each Key Stage.
Delete When No Longer Needed
If we don’t need the data anymore, we must securely delete it.
Handling Requests for Information
If someone asks to see their data, we must follow the correct procedure to give them access. If they ask to see someone else’s data, we must check the law first.
Respect Privacy Rights
If anyone wants to change how we use their data, we must consider their rights.
Only Access What You’re Allowed
Never look at data you don’t have permission to see.
Share Data Carefully
Only share data if it’s legally allowed, and only with approval from the Data Protection Officer or Senior Information Risk Owner.
Monitor Legally
If calls, emails, or internet use are being recorded, it must follow legal rules.
Stay Trained
Everyone must have the right training to handle data safely—and that training must stay up to date.
Special Categories of Data
Extra care must be taken with sensitive data like health, religion, or biometric info. It should only be shared securely and when absolutely necessary.
Using AI and Overseas Data Transfers
If you want to use AI tools or send data outside the UK, get approval first from the right person.
How to Stay Compliant
We have many detailed policies and procedures to help you follow these rules. If you’re not sure what to do, always ask your Data Protection Lead.
These supporting documents include guidelines for:
- Handling data breaches
- Managing records
- Using biometrics or AI tools
- Responding to data requests
- Keeping data secure and minimised
What If You Can’t Follow a Rule?
If there’s a good reason you need to do something differently, speak to the school office and ask for formal permission. Don’t break the rules without approval.
What Happens If You Break the Rules?
Breaking these rules is serious. It can lead to disciplinary action or even losing your job. In some cases, legal action might be taken.
Data protection is everyone’s responsibility. By understanding and following these simple rules, you help keep our school community safe, respectful, and trustworthy. Remember, when in doubt, always ask for guidance. Protecting personal data is not just about rules—it’s about respect and care for others.
