General Data Protection Regulations
The UK GDPR is the UK General Data Protection Regulation. It is a UK law which came into effect on 01 January 2021 and sets out the key principles, rights and obligations for most processing of personal data in the UK, except for law enforcement and intelligence agencies.
It is based on the EU GDPR (General Data Protection Regulation (EU) 2016/679) which applied in the UK before that date, with some changes to make it work more effectively in a UK context,
You may need to comply with both the UK GDPR and the EU GDPR if you operate in Europe, offer goods or services to individuals in Europe, or monitor the behaviour of individuals in Europe. The EU GDPR is regulated separately by European supervisory authorities, and you may need to seek your own legal advice on your EU obligations.
If you hold any overseas data collected before 01 January 2021 (referred to as ‘legacy data’), this will be subject to the EU GDPR as it stood on 31 December 2020 (known as ‘frozen GDPR’). In the short term, there is unlikely to be any significant change between the frozen GDPR and the UK GDPR.
Data Protection Officer
The Data Protection Officer is responsible for overseeing data protection within the School so if you have any questions in this regard, please do contact them on the information below:
Data Protection Officer (DPO): Craig Stilwell
Company: Judicium consulting Ltd
Address: 72 Cannon Street, London, EC4N 6AE