There are several aspects to the GDPR (General Data Protection Regulation) that from May 2018 will change how organisations communicate with users and process their personal information.
Havant & South Downs College recognises the importance of protecting personal and confidential information in all that we do. Individuals have the right to be informed about the collection and use of their personal data and is a key transparency requirement under the GDPR.
We must provide privacy information to individuals at the time we collect an individual’s personal data. To comply with data protection legislation, the college needs to be transparent with how personal data is used within the organisation. The transparency requirements of the GDPR create several overarching legal obligations for how we collect and use people’s personal data.
The information we provide to people must be concise, transparent, intelligible, easily accessible, and it must use clear and plain language. We have created tailored privacy notices, so that an individual can navigate to the most relevant privacy notice that applied to them. For example, there is a privacy notice for students and a privacy notice for a website user.
See below the expandable sections each privacy notice will contain.
All personal data that we collect from an individual directly will receive the following information:
All privacy notices are available on the HSDC website (www.hsdc.ac.uk) all privacy notices will also be issued at the time we collect personal data from individuals. If we obtain personal data from a source other than the individual it relates to, we will provide them with privacy information within a reasonable period of obtaining the personal data and no later than one month, or when communication first takes place or when the data is disclosed. When collecting personal data from individuals, we do not need to provide you with any information that you already have.
The GDPR defines personal data as “any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” .
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Sensitive personal data
The GDPR refers to sensitive personal data as “special categories of personal data” this can be
Special category data is personal data which the GDPR says is more sensitive, and so needs more protection.
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.
We take the security of all the data we hold very seriously. We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data we hold secure.
If you require further information about any of the privacy notices or about your personal data, please contact our data protection officer kat Kuzmin who’s contact details are:
Data Protection Officer
Telephone: 02393 879 999