The EU General Data Protection Regulation (GDPR) includes rules on giving privacy information to those whose data is held by an organisation (data subjects). These are more detailed and specific than in the Data Protection Act and place an emphasis on making privacy notices understandable and accessible. Data controllers are expected to take ‘appropriate measures’ to ensure that this is the case.
The School interprets this as using very clear language to outline each of the responsibilities for each of the data subject groups.
The GDPR say that the information provided to data subjects about how the School processes their personal data must be:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to a child; and ● free of charge.
These requirements are about ensuring that privacy information is clear and understandable for data subjects. This privacy notice deals with the overall privacy responsibilities of the school.
If you require any further clarification with regard to this, please contact our Data Protection officer, Mr I Cradick, via an email to: firstname.lastname@example.org.