View our policies
To view our policies, please visit here
On 25 May 2018 the General Data Protection Regulation (GDPR) will come into force in the UK and across EU member states. It replaces the Data Protection Directive 95/46/EC. The aim of GDPR is to protect the personal data of citizens and to reshape how organisations approach data privacy. The UK Parliament is currently preparing a new Data Protection Bill which will be fully compliant with GDPR.
GDPR will apply to all aspects of the College’s work.
What are the main changes with GDPR?
The consent required for the use and processing of personal data will be strengthened (implied consent will no longer be allowed). Consent statements must use clear, plain language.
Right to Access
Data subjects will have the right to ask organisations what personal information concerning them is being processed and for what purpose. Copies of data have to be provided free of charge and in an electronic format when requested.
Right to be Forgotten
Data subjects will be entitled to ask organisations to erase personal data which organisations may hold on them (organisations are able to refuse such requests, for example when data is required for legal purposes)
Individual will have the right to receive the personal data concerning them in a commonly used format and have the right to transmit that personal data to another organisation (e.g. an employee changing jobs; a student moving to another college or university)
Privacy by Design
Organisations must demonstrate that the protection of data is a key element in how data is processed and in the systems which process that data.
Data Protection Officer
GDPR requires the College to have a Data Protection Officer (DPO). The DPO’s role is to monitor internal compliance and to inform and advise on data protection obligations. The College has appointed Dave Brookes as its Data Protection Officer.
David Finch (Vice Principal)
30 April 2018