The GDPR is a piece of EU legislation implemented by the UK government that aims to make it simpler for people to control how organisations use their personal details (name, address, school exam results etc).
GDPR requires any organisation that processes personal data to make the following clear to those they hold data on:
- What personal data they collect and hold
- Why they collect and hold the data
- How they use the data
- How long they keep the data
- Their data rights
The privacy notices below explain this in more detail.