Division of the General Counsel, Governance and Compliance

Data Protection

**These Data Protection webpages are currently being updated to reflect changes in legislation and to provide additional guidance and resources. Please check back in mid-March 2021 for our updated guidance but if you can’t find the information you need in the meantime, please contact the Information Management team.**


The law relating to data protection has changed and affects how the University collects, uses and manages personal data in relation to students, staff, research participants and third parties.

The General Data Protection Regulation (‘GDPR’) came into force on 25 May 2018, replacing the previous Data Protection Act 1998. It brought with it a wider definition of personal data and more strict requirements for data controllers such as the University, and how we process personal data.


The four key things for staff to remember are:

  1. Training – Familiarise yourself with key principles; engage with e-learning and training sessions. Ask questions.
  2. Manage – Ensure you understand how personal data is used and accessed.
  3. Protect – Establish security controls and follow best practice guidance to ensure data is safe and to limit risk.
  4. Report – Report all data breaches to the Data Protection Officer immediately.

Further detail and guidance can be found in these pages. If you have any queries which are not addressed in the information below, please e-mail GDPR@sussex.ac.uk.

Data Protection Officer

Processing Personal Data

Data Protection Policy

Privacy Notice

Reporting Data Breaches

Rights of Individuals