Data Protection
The law relating to data protection has changed and affects how the University collects, uses and manages personal data in relation to students, staff, research participants and third parties.
The General Data Protection Regulation (‘GDPR’) came into force on 25 May 2018, replacing the previous Data Protection Act 1998. It brought with it a wider definition of personal data and more strict requirements for data controllers such as the University, and how we process personal data.
The four key things for staff to remember are:
- Training – Familiarise yourself with key principles; engage with e-learning and training sessions. Ask questions.
- Manage – Ensure you understand how personal data is used and accessed.
- Protect – Establish security controls and follow best practice guidance to ensure data is safe and to limit risk.
- Report – Report all data breaches to the Data Protection Officer immediately.
Further detail and guidance can be found in these pages. If you have any queries which are not addressed in the information below, please e-mail GDPR@sussex.ac.uk.
Data Protection Officer
Data Protection Officer
Processing Personal Data
Data Protection Policy
Privacy Notice
Reporting Data Breaches
Rights of Individuals
Processing Personal Data
Data Protection Policy
Privacy Notice
Reporting Data Breaches
Rights of Individuals