Data Protection
The General Data Protection Regulations (GDPR) and the UK Data Protection Act governs how personal information should be processed by organisations. The College is the data controller, which means the College is responsible for compliance with GDPR and the Act.
Since 25 May 2018, the legislation in the UK is the EU General Data Protection Regulation (GDPR), coupled with the UK Data Protection Act 2018 (DPA 2018) that supplements the GDPR in specific ways. These two pieces of legislation replaced the Data Protection Act 1998 (DPA 1998). All of the legislation is based around the notions of principles, rights and accountability obligations. The legislation is regulated in the UK by the Information Commissioner’s Office (ICO) as well as the courts.
The College recognises that having controls around the collection, use, retention and destruction of Personal Data is important in order to comply with the College’s obligations under Data Protection Laws and in particular its obligations under Article 5 of GDPR. See below the Colleges Data Protection Policy, your Individual Rights Regarding Personal Data, along with the procedure for Subject Access Request.
Contacted: 0121 446 4545 or alternatively email dpo@bmet.ac.uk
Data Protection Policies
General Data Protection Policy
This Policy sets out the basis on which the College will collect and use Personal Data either where the College collects it from individuals itself, or where it is provided to the College by third parties.
Data Breach
If you think there has been a data breach, immediately report this to the Data Protection Officer, on 0121 446 4545 or alternatively email dpo@bmet.ac.uk
Privacy Notice
Birmingham Metropolitan College is the data controller of personal information about you. We are responsible for the personal data that you provide to us. We have strict policies and processes in place to ensure that it remains safe whilst in our possession.
Individual Rights Regarding Personal Data
Data subjects have a range of specific rights that they can exercise under GDPR.
Subject Access Request
Here you can find out how to make a Subject Access Request or a CCTV Subject Access Request.
Data Retention and Disposal Policy
GDPR requires that Colleges should not keep personal data for longer than is necessary. This policy aims to set out the College’s data retention periods that need to be adhered to by all members of staff.