GDPR Policy

The General Data Protection Regulation (GDPR) is European legislation that's replacing the Data Protection Act in May 2018. The core rules for looking after personal data remain in line with existing principles, but there are stricter standards to adhere to, and increased penalties for non-compliance.

All staff and students must comply with to the HSA’s Data Protection Policy and Acceptable Use Policy: These policies will be published here in the near future:

  • Privacy Notice - GDPR
  • Data Protection Policy
  • IT and Security Acceptable Use Policy for Staff and Students

Staff and students are asked to be mindful of potential data breaches at all times. A personal data security breach may come from:

  • Theft
  • A deliberate attack on your systems
  • Unauthorised use of your own personal data
  • Accidental loss or equipment failure.

Should you have any queries relating to GDPR at HSA or wish to report a data breach or potential data breach please contact HSA’s Data Protection Officer:

Data Protection Officer (DPO)
Janice Richardson - Operations Director
Heritage Skills Academy, Main Stores 90, Bicester Heritage, Buckingham Road, Bicester, Oxon. OX27 8AL

Note to staff: Breaches can occur at any time and it may not always be possible to reach the DPO so any opportunity to contain the breach should be taken immediately. Examples of this include:

  • Removing a webpage
  • Informing unauthourised recipients of an email to delete it and not share it further
  • Disconnecting your device from any the College networks
  • Informing Technical Services staff or your line manager


Keep up with the latest news, apprenticeships and events. Subscribe to our newsletter.