The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and introduced the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.

    The new regulation aims to standardise data protection laws and processing across the EU, to provide individuals with stronger and more consistent rights to access, and to better control their personal information.

    Our commitment

    HFL Education is committed to ensuring the security and protection of the personal information that we process and providing a compliant and consistent approach to data protection across the organisation. We have a robust and effective data protection programme in place, which complies with the UK General Data Protection Regulation (GDPR) and Data Protection Act 2018.

    HFL is dedicated to safeguarding the personal information under our remit and in ensuring that we have a data protection regime in place that is effective, fit for purpose and demonstrates an understanding of, and appreciation for the GDPR and our legal obligations.

    Information security and technical and organisational measures

    HFL takes the privacy and security of individuals and their personal information very seriously and takes every reasonable measure and precaution to protect and secure the personal data that we process. We meet the requirements of Cyber Essentials accreditation, and have robust information security policies and procedures in place to protect personal information from unauthorised access, alteration, disclosure or destruction and have several layers of security measures.

    GDPR roles and employees

    HFL has a designated Data Protection Officer (and deputies) and a team of GDPR Champions in place to continuously promote awareness of the GDPR across the organisation, monitor compliance, and implement data protection policies, procedures and measures, as and when appropriate.

    HFL understands that continuous employee awareness and understanding is vital to the continued compliance of the GDPR.  An ongoing employee engagement programme is in place for both new and existing employees.

    If you have any questions about HFL’s compliance to the GDPR, please contact our Data Protection Officer at

    Contact details