The new European General Data Protection Regulation (GDPR) law  came into effect on 25 May 2018. The objective of this law is to ensure all personal data relating to living EU citizens (including the UK) is protected and that those who are entrusted with such data are held accountable for its protection.

The City Learning Trust (CLT) and its member academies are committed to data privacy and protection and has taken necessary steps to ensure GDPR compliance. The GDPR principles are embedded in our data processing so that parents/carers, pupils, staff, volunteers and visitors are assured that we handle their personal data respectfully, and do so in line with the law.

GDPR compliance is driven by the Trust Board and our main areas of focus / actions taken to prepare for GDPR are listed below:

Personal Data Review

  • The Trust’s data protection policy has been rewritten in line with GDPR.  All existing and related policies and procedures  also adhere to new legislation and uphold the highest standards of privacy and protection of personal data rights.
  • A thorough data audit has been carried out across the Trust to identify all data held and processed.

We have recorded:

  • The nature and purpose of processing.
  • Categories of data subjects.
  • Types of personal data held and processed.
  • Identified the lawful basis for all our personal data processing.
  • Detailed the retention period for all data.
  • Detailed how data will be securely stored and disposed of.
  • Detailed who we share data with.
  • Our policies and privacy notices conform to the legislation for protection of children’s data.


  • We have re-written our privacy notices for staff, pupils and parents/carers to align with GDPR guidelines.

    Our processes will ensure that:
  • All procedures align with the individual’s rights as specified under GDPR.
  • Subject Access Request procedure to manage requests for data is in line with GDPR
  • Seeking, recording and managing consent is in line with GDPR.

Processes, Contracts and Employees of the Trust

  • We will implement, when necessary, Data Protection Impact Assessments for projects that may involve high risk processing as covered under GDPR.
  • A new addendum added to contracts with existing contractors to ensure all parties take account of their respective obligations and responsibilities under GDPR.
  • All staff are well informed of the new legislation. GDPR awareness training is included in the Trust’s annual training cycle.
  • We have appointed a Data Protection Officer.

If  you have any queries please contact the Trust’s Data Protection Officer:

Joanne Shaw

City Learning Trust

High Lane


Stoke on Trent

Tel No: 07940514736



GDPR Data Protection Policy

Records Management Policy

Use Your Own Device Policy

Privacy Notices



Governor/Volunteer Privacy Notice

Staff Privacy Notice

Job Application Privacy Notice