The GDPR is a piece of EU legislation implemented by the UK government that aims to make it simpler for people to control how organisations use their personal details (name, address, school exam results etc).
GDPR requires any organisation that processes personal data to make the following clear to those they hold data on:
- What personal data we collect and hold
- Why we collect and hold the data
- How we use the data
- How long we keep the data
- Their data rights
The privacy notices below explain this in more detail.