Planning, Governance and Compliance

Data Protection

The law relating to data protection is changing and affects how the University collects, uses and manages personal data in relation to students, staff, research participants and third parties.

The General Data Protection Regulation (‘GDPR’) comes into force from 25 May 2018 and replaces the previous Data Protection Act 1998. It brings with it a wider definition of personal data and more strict requirements for data controllers such as the University, and how we process personal data.


The four key things for staff to remember are:

  1. Training – Familiarise yourself with key principles; engage with e-learning and training sessions. Ask questions.
  2. Manage – Ensure you understand how personal data is used and accessed.
  3. Protect – Establish security controls and follow best practice guidance to ensure data is safe and to limit risk.
  4. Report – Report all data breaches to the Data Protection Officer immediately.

Further detail and guidance can be found in these pages. If you have any queries which are not addressed in the information below, please e-mail

Data Protection Officer

Processing Personal Data

Data Protection Policy

Privacy Notice

Reporting Data Breaches

Rights of Individuals









Data Protection Officer