Data Protection Act

The 1998 Data Protection Act first came into effect in March 2000. Underlying the Act is a set of principles governing good practice, and the University is required to notify its use of personal data to the Information Commissioner where it is published in a public register. 

To assist staff and students to comply with the Act, the University has issued Guidance Notes and formally adopted a Data Protection Policy.

The Policy provides information on:

  • The Principles
  • The Notification of Data Held and Processed
  • Responsibilities of Staff and Students
  • Data Security
  • Rights to Access Information
  • Publication of University Information
  • Subject Consent
  • Retention of Data

The Guidance Notes contain further information on:

  • The scope of the 1998 Act
  • Notification (including registration number)
  • Staff Guidelines for Data Protection
  • Data Security
  • Use of Personal Data for Research Purposes
  • References
  • Staff Checklist for Recording Data

Any formal requests from data subjects regarding information held on them must be referred to Mr Kevan Ryan, no matter which office or department is processing the information.

Further information

Further information and advice on University-related matters can be obtained from Kevan Ryan (Director of Legal & Compliance, ext. 42110).

More detailed information can be found on the Information Commissioner website.

General Data Protection Regulation

On 25 May 2018 the General Data Protection Regulation (GDPR) EU2016/679 will replace the Data Protection Act 1998. The University is preparing for GDPR implementation and will be updating this page to reflect any relevant changes in our policies and procedures.