Home Page

Data Protection

Statement of intent


The Challenger Multi Academy Trust (CMAT) is required to keep and process certain information about its staff members and pupils in accordance with its legal obligations under the Data Protection Act 1998.


The Trust may, from time to time, be required to share personal information about its staff or pupils with other organisations, mainly CMAT related services such as HR division, LA, other academies and educational bodies, and potentially social services.


This policy is in place to ensure all staff and governors are aware of their responsibilities and outlines how the Trust complies with the following core principles of the Act:


  • Data must be processed fairly and lawfully.
  • Data must only be acquired for one or more lawful purposes and should not be processed for other reasons.
  • Data must be adequate, relevant and not excessive.
  • Data must be kept accurate and up-to-date.
  • Data must not be kept for longer than is necessary.
  • Data must be processed in accordance with the data subject’s rights.
  • Appropriate measures must be taken to prevent unauthorised or unlawful access to data and against loss, destruction or damage to data.
  • Data must not be transferred to a country or territory unless it ensures an adequate level of protection for the rights of the subject.

Organisational methods for keeping data secure are imperative, and CMAT believes that it is good practice to keep clear practical policies, backed up by written procedures.