Governance and Compliance

Data Protection

The law relating to data protection has changed and affects how the University collects, uses and manages personal data in relation to students, staff, research participants and third parties.

The General Data Protection Regulation (‘GDPR’) came into force on 25 May 2018, replacing the previous Data Protection Act 1998. It brought with it a wider definition of personal data and more strict requirements for data controllers such as the University, and how we process personal data.


The four key things for staff to remember are:

  1. Training – Familiarise yourself with key principles; engage with e-learning and training sessions. Ask questions.
  2. Manage – Ensure you understand how personal data is used and accessed.
  3. Protect – Establish security controls and follow best practice guidance to ensure data is safe and to limit risk.
  4. Report – Report all data breaches to the Data Protection Officer immediately.

Further detail and guidance can be found in these pages. If you have any queries which are not addressed in the information below, please e-mail

Data Protection Officer

Processing Personal Data

Data Protection Policy

Privacy Notice

Reporting Data Breaches

Rights of Individuals









Data Protection Officer