Division of General Counsel, Governance and Compliance

Data Protection

As part of the Information Management team's remit, we provide a range of assistance relating to data protection matters at the University. To help provide colleagues with day-to-day data protection advice and support, we have published a variety of guidance on our webpages - you can explore this using the buttons below and the links on the left side of the page.

We are currently in the process of reviewing our content and adding new content, particularly as data protection legislation* in the UK continues to evolve. If you have any queries that aren't covered on our pages, or about any of the published guidance, please contact the team.

Data Protection Legislation

The data protection legislative framework changed at the start of 2021 following the end of the Brexit transition period. The following data protection requirements apply in the UK and to the University whenever we are processing personal data:

  • The Data Protection Act 2018,
  • The UK's General Data Protection Regulation, and
  • Any codes of practice issued by the Information Commissioner's Office.

Although the UK is no longer part of the European Union, the EU's General Data Protection Regulation 2016/679 does still apply where the University is processing personal data related to i) the offering of goods and services to EU citizens or ii) monitoring of the behaviour of EU cititzens, where behaviour takes place within the EU.

*We collectively refer to the above as 'data protection legislation' rather than list the different laws individually. So when you see reference to 'data protection legislation' in our webpages, policies and guidance, this is what it means.


Data Protection Officer

Processing Personal Data

Data Protection Policy

Privacy Notice

Reporting Data Breaches

Rights of Individuals








Last updated 01 March 2024