General Data Protection Regulations (GDPR) and Freedom of Information

Return to Key Information

From 25th May 2018 Data protection regulations have changed. Below are the policies that explain how Prosper Learning Trust use and store your data.  They will also give you information about how to access and change the data we hold on you or your child and what consent you will be asked to give.

Our Data Protection Officer is Victoria Hall.  Any enquiries about data should go to the Data Protection Officer via the Prosper Learning Trust e-mail address or by calling 0191 605 3899.

Prosper Learning Trust is registered with the ICO - ZA303297.

Data Security

Prosper Learning Trust is committed to keeping all personal data that it holds safe from loss, corruption or theft. The measures in place to do this include:

  • Data protection training for all employees, Local Advisory Committee members and Trustees
  • Policies and procedures detailing what employees and office holders can and cannot do with personal data
  • Various IT security safeguards such as firewalls, encryption, and anti-virus software
  • On-site security safeguards to protect physical files and electronic equipment.

Prosper Learning Trust have a procedure to deal with any breach in data security.  Any breach will be reported to and dealt with by the DPO.  The breach will be recorded, investigated and steps taken to lessen any impact.  The DPO will decide if the breach is significant enough to report to the ICO.  This must be done within 72 hours of the data breach.  The DPO will evaluate the breach, risk assess and put in any changes to data security or process as required.

Identifying Our Lawful Basis for Processing

We use public task as the lawful basis for most of our processing and controlling of data. This means that we need to process personal data to carry out our official functions in the public interest i.e. educating our pupils.

We also use consent for processing data where this is necessary to fulfil our duty to educate. This is only used when none of the other reasons apply, as the standard for getting consent is very high and consent can be withdrawn at any time.


Article 5 of the GDPR states that personal data must be:

  • Processed fairly, lawfully and in a transparent manner in relation to the data subject
  • Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with those purposes
  • Adequate, relevant and limited to what is necessary in relation to the purposes for which data is processed
  • Accurate and, where necessary, kept up to date
  • Kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed
  • Processed in a way that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

How We Deal With Records


We routinely share pupil information with:

  • Schools that the pupils attend after leaving us
  • Relevant local authorities – to meet our legal obligations to share certain information with them, such as safeguarding concerns, exclusions and attendance
  • The Department for Education – see below
  • Pupil’s family and representatives
  • Examining bodies and Award Providers (AQA, Edexcel, Princes Trust, NNAS)
  • Suppliers and service providers (Class Charts, Epraise, CPOMS, Bromcom, B-Squared) – to enable them to provide the service we have contracted them for
  • Our regulator – Ofsted
  • Police forces, courts, tribunals
  • Professional bodies
  • Health and social welfare organisations
  • Professional advisers and consultants
  • Health authorities
  • Central and local government
  • Connexions (careers service)/youth support services (pupils aged 13+)


Individuals have the following rights:

  • Be informed of data processing (which is covered by the Trust's Privacy Notices, including pupils, staff and governance)
  • Access information (also known as a Subject Access Request)
  • Have inaccuracies corrected
  • Have information erased
  • Restrict processing
  • Data portability 
  • Intervention in respect of automated decision making (automated decision making is rarely operated within schools)
  • Withdraw consent
  • Complain to the Information Commissioner’s Office


We take any complaints about our collection and use of personal information very seriously. If you think that our collection or use of personal information is unfair, misleading or inappropriate, or have any other concern about out data processing, please raise this with us in the first instance.

To make a complaint please contact Victoria Hall, Data Protection Officer (see contact details below). Alternatively, you can make a complaint to the Information Commissioner’s Office:

  • Report a concern online at 
  • Call 0303 123 1113
  • Or write to: Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF

Further information

If you have any questions, concerns or would like more information about anything mentioned in this privacy notice, please contact Victoria Hall, Data Protection Officer at