Hurst's GDPR rules
Hurstpierpoint College – Privacy Notices
The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to individuals whose data is held by an organisation (data subjects). These rules are more detailed and specific than those in the Data Protection Act and place an emphasis on providing privacy information that is both clear and understandable to data subjects, and organisations are expected to take ‘appropriate measures’ to ensure that this is the case.
The GDPR says that the information provided to data subjects about how their personal data is processed data must be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to a child; and
- free of charge.
Accordingly the College, as a data controller, has produced
- a comprehensive, overarching privacy notice which deals with its detailed privacy responsibilities, and
- summary privacy notices for each of the principal data subject groups with whom it deals including parents, pupils over the age of 13, staff, governors and alumni.
If you are a member of one of these subject groups you should, as a minimum, ensure you read the summary privacy notice applicable to you
Each notice deals with two sources of data: that obtained directly from you and that obtained from others or elsewhere. Where applicable, for both sources, the identity of the data handler and the Data Compliance Officer are provided. The College’s Data Compliance Officer is the Bursar and any queries should be addressed to him at firstname.lastname@example.org.