top of page

GDPR

A student stroking a Mini Shetland Pony

Main GDPR principles​

The GDPR sets out the key principles that all personal data must be processed in line with.

 

Data must be:

  • processed lawfully, fairly and transparently

  • collected for specific, explicit and legitimate purposes; limited to what is necessary for the purposes for which it is processed

  • accurate and kept up to date; held securely

  • only retained for as long as is necessary for the reasons it was collected

There are also stronger rights for individuals regarding their own data.

 

The individual’s rights include:

  • to be informed about how their data is used

  • to have access to their data

  • to rectify incorrect information

  • to have their data erased

  • to restrict how their data is used

  • to move their data from one organisation to another

  • to object to their data being used at all

bottom of page