Information security and privacy

The British Council is the United Kingdom’s international organisation for cultural relations and educational opportunities.

We collect and use personal information to offer people information, products and services. This policy will apply in all locations where we operate to all forms of information and to all systems used to collect, store, process or transfer information.

In countries where there are different privacy and data protection laws, we will comply with those laws where they meet internationally accepted privacy principles and fair information practices.

The British Council is committed to:

  •  protecting the confidentiality, integrity and availability of the information it collects, stores, transfers and processes in accordance with UK law and international good practice, and to meeting its legal requirements and contractual obligations
  • explaining why it needs personal information and only asking for the personal information it needs
  • only sharing personal information within the British Council and with other organisations as necessary or where the person concerned has given their consent
  • allowing people to request access to the personal information it holds on them and to complain if they believe their information has been mishandled
  • not keeping personal information for longer than necessary
  • taking measures to protect the rights and freedoms of individuals whose personal information may be transferred to countries with differing data protection laws
  • ensuring that actual or suspected breaches of information security are reported and investigated
  • assessing and measuring the maturity of its information security controls annually
  • applying these standards to its supply chain and delivery partners

We will provide adequate and appropriate resources to implement this policy and will ensure it is communicated and understood.

The British Council will review this global policy statement annually to reflect new legal and regulatory developments and ensure good practice.

This global policy statement was approved by Sir Ciarán Devane, Chief Executive, in February 2017 and is due for review in February 2018.