• Back to previous menu
• Data Protection
• • Data Protection Impact Assessments
  • Data Protection Officer
  • Data Protection Policy
  • Information Asset Registers
  • Privacy Notice
  • Processing Personal Data
  • Reporting Data Breaches
  • Rights of Individuals
  • Right to Erasure
  • Transfers Outside the EEA
  • Glossary
  • Research and GDPR
  • E-Learning and Training
  • Record of Processing Activities
  • Research Excellence Framework 2021 and data protection
  • Online Teaching and Data Protection
  • Data Protection Guidance for Email Correspondence
  • Disclosure of Personal Data Relating to Students
  • COVID-19 and Personal Data Collection
  • Special category and criminal offence data
  • Surveys and mailing lists

Data Protection

The law relating to data protection has changed and affects how the University collects, uses and manages personal data in relation to students, staff, research participants and third parties.

The General Data Protection Regulation (‘GDPR’) came into force on 25 May 2018, replacing the previous Data Protection Act 1998. It brought with it a wider definition of personal data and more strict requirements for data controllers such as the University, and how we process personal data.

The four key things for staff to remember are:

1. Training – Familiarise yourself with key principles; engage with e-learning and training sessions. Ask questions.
2. Manage – Ensure you understand how personal data is used and accessed.
3. Protect – Establish security controls and follow best practice guidance to ensure data is safe and to limit risk.
4. Report – Report all data breaches to the Data Protection Officer immediately.

Further detail and guidance can be found in these pages. If you have any queries which are not addressed in the information below, please e-mail GDPR@sussex.ac.uk.

Data Protection Officer

Processing Personal Data

Data Protection Policy

Privacy Notice

Reporting Data Breaches

Rights of Individuals