Data Protection

The University of Liverpool obtains and uses large amounts of personal information about our students, alumni, staff, contractors, research participants and other individuals that encounter us.

This information is defined as personal data in the General Data Protection Regulation (GDPR) and Data Protection Act 2018.

Any action carried out which relates to personal information is known as processing. The University is the Data Controller for the personal information it processes. We process this information for a variety of reasons in order to carry out our academic, employer and other administrative functions and to meet our legal obligations to funding bodies and government. 

To comply with the law, information must be collected and used fairly, stored safely and not disclosed unlawfully.  To do this, the University must comply with the Data Protection Principles, which are set out in the General Data Protection Regulation EU2016/679 (GDPR). Although we have elected to leave the EU, the UK has specifically chosen to adopt this EU regulation and has implemented it into UK legislation in the form of the Data Protection Bill. 

You can find out how the University uses personal information and the rights individuals have to control and manage their data from these web pages.

Further information

Information and advice on University-related data protection matters can be obtained from Vicki Heath at

More detailed information can be found on the Information Commissioner' Office (ICO) website.