What is GDPR?


 On 25 May 2018 a new piece of European legislation comes into force in the UK which is known as the General Data Protection Regulation (GDPR). This new legislation puts your rights at the heart of all data processing and requires us to be more transparent and accountable about how we process your data.

We also need everyone to play their part to ensure the College is compliant with the legislation and this starts with you completing the data protection training available on Moodle. You may be contacted by one of our Data Stewards, our Data Custodians or the GDPR Project team led by the Data Protection Officer, Elaina Moss, to help us with our programme of work towards achieving compliance.

As an individual you have certain rights provided to you by the GDPR:

1. The right to be informed

When we collect your data, either directly from you or via a third party, we have a responsibility to provide you with information about what we will do with your data, how long we will keep it and who we might share it with. The document we use to provide you with this privacy information may be called a collection notice, a privacy notice or covered in a privacy policy.

2. The right of access

You have the right to access your personal data which the College holds. 

3. The right to rectification

You have the right to have personal data rectified if it is inaccurate or incomplete. If we have disclosed the data to third parties, they will also be informed of the rectification where possible. The third parties to whom the data has been disclosed will also be shared. This process will be completed within one calendar month barring special circumstances. 

4. The right to erasure

Also known as ‘the right to be forgotten’, the broad principle underpinning this right is to enable you to request the deletion or removal of personal data where there is no compelling reason for its continued processing. This is not an absolute right and in some cases we will need to keep processing some of your personal data.

5. The right to restrict processing

You have a right to block or supress processing of personal data. When restricted, the College will store the personal data but not further process it, in addition to this we shall retain only enough information about the individual to ensure that the restriction is maintained in the future. This is not an absolute right and in some cases we will need to keep processing some of your personal data. 

6. The right to data portability

In certain circumstances you can request that the personal data you have provided to us be transmitted to another data controller. 

7. The right to object

You can object to us processing any of your personal data which is done on the basis of our legitimate interests, in performing a task in the public interest or if we are processing your data for the purpose of research and statistics. 

8. Rights in relation to automated decision making and profiling.

You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or has a similarly significant impact unless this processing is necessary for entering into, or facilitating the performance of, a contract between the you and the College.

We can also process your data in this way if the activity is authorised by law which also lays down suitable measures to safeguard your rights and freedoms and legitimate interests or if you have given your consent.