General Data Protection Regulation (GDPR)

What is GDPR?
This refers to the General Data Protection Regulation originally EU legislation that has been taken into UK law and should be viewed alongside the Data Protection Act 2018 to provide a comprehensive picture of data protection legislation in the UK.

GDPR legislation is designed to ‘harmonise’ data privacy laws across Europe, as well as give greater protection and rights to individuals. With the introduction of GDPR there are significant additional protections for the public. The legislation identifies specific responsibilities for businesses and public bodies that handle personal information to ensure that data protection is considered whenever there is a requirement to process personal information. In essence, data protection legislation is about protecting personal data, and ensuring that individuals are aware of what data is being processed and how it is used. It gives individuals greater control and say over how their personal data is used by companies and public bodies.

GDPR defines personal data as:
Any information relating to an identified or identifiable person (known as a Data Subject).

An identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as name, an ID number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of a natural person.

Data protection at Learning Academies Trust

You can view our a list of our data protection and subject access requests policies via our policies page.

ICO Registration