The European Union General Data Protection Regulation (GDPR) May 2018, comprises rules on giving privacy information to individuals whose data is held by an organisation (data subjects). Consequently, detailed and specific privacy information has been provided.
The GDPR states that the information provided to data subjects about how their personal data is processed must be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to those under 18; and
- free of charge.
Subsequently, the Trust, as a data controller, has produced a comprehensive, overarching privacy notice detailing privacy responsibilities, and summary privacy notices for the following data subject groups: parents, pupils over the age of 13, staff, governors and alumni.
Each privacy notice deals with two sources of data: that obtained directly from you, the data subject and that obtained from others/elsewhere. Where applicable, for both sources, the identity of the data handler and the Data Compliance Manager are provided. Any queries should be addressed to the Trust’s Data Compliance Manager who can be contacted at email@example.com.