Introduction

The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and introduced the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

The new regulation aims to standardise data protection laws and processing across the EU, to provide individuals with stronger and more consistent rights to access, and to better control their personal information.

Our commitment

Herts for Learning Ltd, trading as HFL Education (HFL) is committed to ensuring the security and protection of the personal information that we process and to providing a compliant and consistent approach to data protection. We have always had a robust and effective data protection programme in place which complies with existing law and abides by the data protection principles. However, we have updated and expanded this programme to meet the demands of the GDPR and the UK’s Data Protection Bill.

HFL is dedicated to safeguarding the personal information under our remit and in ensuring that we have a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the Regulation. Our preparation and objectives for GDPR compliance have been summarised in this statement and include the development and implementation of new data protection roles, policies, procedures, controls and measures to ensure maximum and ongoing compliance.

Section 9 of our Terms and Conditions for the supply of goods provides further information about how HFL will use clients’ personal data in order to deliver a contract for the provision of goods and/or services by HFL.

Information security and technical and organisational measures
HFL takes the privacy and security of individuals and their personal information very seriously and take every reasonable measure and precaution to protect and secure the personal data that we process. We meet the requirements of Cyber Essentials accreditation, and have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures.

GDPR roles and employees

HFL has a designated Data Protection Officer and has appointed a team of GDPR Champions to continuously promote awareness of the GDPR across the organisation, monitor compliance, and implement the new data protection policies, procedures and measures, as and when appropriate.

HFL understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR. An ongoing employee engagement programme is in place for both new and existing employees. 

If you have any questions about our compliance to the GDPR, please contact dp.foi@hfleducation.org