GDPR - General Data Protection Regulations

Data protection legislation sets out rules and standards for the use and handling (‘processing’) of information (‘personal data’) about living identifiable individuals (‘data subjects’) by organisations (‘data controllers’).

The law applies to organisations in all sectors, both public and private.  It applies to all electronic records as well as many paper records. It doesn’t apply to anonymous information or to information about the deceased.

The Trust GDPR Policy suite can be accessed on the Trust Policies page.



The Trust as the Data Controller follows the 7 principles for processing:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability


Lawful Basis for Processing

The Trust must have a lawful basis for processing personal information, which are:

  • Consent
  • Contract
  • Legal obligation
  • Vital interests
  • Public task
  • Legitimate interest


Withdrawal of Consent

If the Trust has used consent as the lawful basis for processing personal information you have the right to withdraw this consent at any time. If you would like to withdraw your consent, please contact the Trust Data Protection Officer at info@phplaw.co.uk 


Privacy Notices

An important aspect of complying with data protection legislation is being open and transparent with individuals about how their personal data will be used.  This is achieved through the publication of privacy notices. The Trust’s Privacy Notices UKare available below.


Data breaches

One of the most important accountability obligations concerns personal data breaches – that is, personal data held by the Trust is lost, stolen, inadvertently disclosed to an external party, or accidentally published.  If this occurs, this will be immediately reported to the Data Protection Officer at info@phplaw.co.uk 

Remedial work can then be done so that the breach can be contained. On occasion, we need to report breaches to relevant external authorities, including the ICO, within a short timeframe.


Trust Data Protection Officer (DPO) Service Provider:



Primary Contact:

John Walker

E: info@phplaw.co.uk