Data Protection

The General Data Protection Regulation EU2016/679 (GDPR) and Data Protection Act 2018 gives us responsibilities in the way we handle personal information. 

The University processes large volumes of personal data in relation to its students, alumni and staff. It also processes personal data of participants in research projects.  

To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully.

Any action carried out which relates to personal information is known as processing. The University is the Data Controller for the personal information it processes. We process this information for a variety of reasons in order to carry out our academic, employer and other administrative functions and to meet our legal obligations to funding bodies and government. The Information Commissioner's website is the best source of information about your data protection rights as they apply in the UK. 

For information on how we use personal data, see our privacy notices

The Data Protection Policy sets out how personal data will be managed by the University, and explains responsibilities.

One of the most common ways in which people exercise their data protection rights is to request a copy of the information an organisation holds about them.

If you would like to make a request to the University of Liverpool for the data we hold about you, see accessing your information

Our guidance for University staff page has further information.

If you have questions about data protection at the University of Liverpool, contact our Legal & Governance team at or by telephone on +44 (0)151 795 0523.

The University's Data Protection Manager is Daniel Howarth.