Home UK General Data Protection Regulation (GDPR)

UK General Data Protection Regulation (GDPR)

UK GDPR is the UK’s version of the EU’s General Data Protection Regulation, forming part of the UK’s data protection framework alongside the Data Protection Act 2018, setting rules for handling personal data, granting individuals rights (like access and erasure), and requiring businesses to be accountable, secure, and transparent with the ICO (Information Commissioner’s Office) as the regulator. It mandates principles like data minimisation, accuracy, purpose limitation, and security, applying to UK entities and those processing data of UK individuals, and covers rights such as consent, portability, and objection.

The Data Protection Officer (DPO) for Haileybury Turnford is HFL Education.

Any data protection matters should be addressed to dpo@haileyburyturnford.com

We have issued the privacy notice below to all students and ask that the consent form be signed and returned to the school. The legislation has decided that at 13 children have the right of consent over their data.  This is a significant responsibility and we encourage parents/carers discuss the consent form with their child prior to completing and signing it.

Below is guidance on submitting a subject access request (SAR) and a form to use should you wish to make a SAR. It is not necessary to use this form however.

Relevant polices (which can be found in the Policies section of the website) are Data Protection Policy and CCTV policy.

Documents: