What is UK GDPR?

UK GDPR stands for The UK General Data Protection Regulation.

Aquila, The Diocese of Canterbury Academies Trust will ensure that personal data is protected and kept safely and securely. It will ensure that its policy for data protection is used as the basis for collecting, storing, accessing, sharing and deleting personal data. The Trust will use the UK GDPR as the benchmark for its standard for protecting personal data.


  1. To ensure that decision makers and key people in school comply with the UK GDPR.
  2. To ensure that there will be regular reviews and audits of the information we hold to ensure that we fully meet the UK GDPR statutory requirements.
  3. To document the personal data we hold, where it came from and with whom it will be shared.
  4. To ensure that data collection, data handling, data storage and data disposal procedures are in line with the UK GDPR and cover all the rights individuals have, including how personal data is deleted and destroyed.
  5. Where there is a personal data breach the procedures used to detect, report and investigate it will meet the requirements of the UK GDPR.
  6. The systems the school puts into place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity will meet the standard set in the UK GDPR.
  7. Data protection by design and data protection impact assessments will meet the ICO’s code of practice on privacy impact assessments as well as the latest guidance.
  8. The Trust will have a Data Protection Officer who will be given responsibility for data protection compliance and a data protection lead will be in each school.
  9. When schools request data we will provide appropriate privacy notices to explain why data is being collected and the purposes for which it is used.


The requirements of the UK GDPR will be met by the Trust as the basis for collecting, storing, accessing, sharing and deleting personal data. Data will be processed fairly, lawfully and in a transparent manner. It will be used for specified, explicit and legitimate purposes in a way that is adequate, relevant and limited. It will be accurate, kept up to date and kept no longer than is necessary. Data will be processed in a manner that ensures appropriate security of the data.

To contact the Trust DPO please email 

Data Protection Policy

Data Retention Policy

Email Policy

Freedom of Information Publication Scheme

Subject Access Request Policy