ARC SCHOOL
DATA PROTECTION POLICY
Reviewed August 2015
Next Review Date: 08/2016
ARC SCHOOL
DATA PROTECTION POLICY
Contents
1. Purpose & Scope ................................................................................................................. 3
2. HR Responsibilities ................................................................................................................ 3
3. Line Managers’ Responsibilities ......................................................................................... 4
4. Workers’ Responsibilities ...................................................................................................... 4
5. Independent Governors ..................................................................................................... 5
DATA PROTECTION POLICY
Page 2 of 5
AUG 2015
ARC SCHOOL
DATA PROTECTION POLICY
1.
Purpose & Scope
Personal data (including sensitive personal data) as defined in the Data Protection
Act 1998 relating to you and your employment may be processed by the
Company to the extent that it is reasonably necessary in connection with your
employment or the business of the Company.
The aim of this policy is to ensure that data protection compliance is an integral
part of our employment practice. The Company will strive to develop a culture in
which respect for private life, data protection, security and confidentiality of
personal data are seen as the norm.
The Company is registered for data protection purposes and will ensure that
personal data is:

Processed fairly and lawfully;

Processed for limited purposes and not in any manner incompatible with
those purposes;

Adequate, relevant and not excessive;

Accurate;

Not kept for longer than is necessary;

Processed in line with employees’ rights;

Secure;

Not transferred to countries that don’t protect personal data adequately.
The Company has the right to hold sensitive personal data to fulfil any statutory or
common law requirements including:
2.

Ensure the health, safety and welfare at work of employees;

Select safe and competent workers;

Ensure a safe working environment;

Not to discriminate;

Ensure the reliability of workers with access to personal data;

Protect customers’ property or funds in the Company’s possession;

Check immigration status before employment.
HR Responsibilities
The site HR Administrator, supported by the Kedleston Schools HR Team, will be
responsible for ensuring employment practices and procedures comply with the
Data Protection Act 1998 and will ensure that system is in place for checking that
procedures are followed in practice.
DATA PROTECTION POLICY
Page 3 of 5
AUG 2015
They will assess what personal data about employees are in existence and who is
responsible for that data.
They will eliminate the collection of personal data that is irrelevant or excessive to
the employment relationship. If sensitive data is collected then the HR Team will
ensure that the appropriate sensitive data condition is satisfied.
The HR Team will hold prospective job applications and CVs on file and ensure the
individual is advised. If any applicant does not wish their details to be held on file
then that information will be destroyed and their application removed from the
process.
If the company no longer requires the information e.g. applicants not short-listed
or rejected after interview, then this data will be disposed of appropriately after six
months.
The HR Administrator will also ensure that the Company has a valid notification in
the register of data controllers that relates to the processing of personal data
about employees.
3.
Line Managers’ Responsibilities
Line Managers will be responsible for ensuring that the data collected by them and
their team in the course of carrying out their roles is proportionate and is stored
securely.
They will be responsible for the security of any data they collect and for the use of
that data.
Line Managers should ensure that duplication of data held is kept to an absolute
minimum.
4.
Workers’ Responsibilities
For the purposes of this policy the definition of ‘Workers’ includes employees,
volunteers, students, interns, consultants and third parties working for or on behalf
of the Company.
Workers are criminally liable if they knowingly or recklessly disclose personal data
outside the Company’s policies and procedures. A worker disclosing personal
data i.e. another colleague’s salary, without the authority of the Company may
be subject to disciplinary action which may result in summary dismissal.
Applicants for jobs ought to provide accurate information including unspent
criminal convictions and may breach other laws if they do not. Again, individuals
who have falsified information will be subject to disciplinary action which may result
in summary dismissal.
All employees, including line managers, have a part to play in security compliance,
for example by ensuring that waste paper bearing personal data is properly
disposed of by being shredded.
DATA PROTECTION POLICY
Page 4 of 5
AUG 2015
5.
Independent Governors
As part of the governance process Kedleston Schools Ltd has appointed an
independent Chair to provide impartial oversight into the running of each school/
setting.
As part of their duties these individuals will have access to performance
management files and general employee data which will allow for appropriate
scrutiny over management practices.
All independent governors are required to sign a confidentiality & data protection
agreement designed to protect employees’ Data Protection rights.
DATA PROTECTION POLICY
Page 5 of 5
AUG 2015