Our Data Protection Policy was approved by the University Court in February 2018  and covers our legal obligations under the EU General Data Protection Regulation (the GDPR) and the UK Data Protection Act 2018.

The pages below break down our policy into HTML pages which we hope users will find useful. At present we have constructed pages on:

  • our Data Protection Policy
  • how we monitor, evaluate and implement the policy
  • how to deal with subject access requests
  • the roles and responsibilities under data protection
  • data protection terminology

We are also planning to construct pages which will provide guidance on:

  • data processing agreements
  • informed consent for recordings and images
  • conditions for processing personal and 'sensitive personal' data
  • privacy and electronic communication regulations (referred to as PECR) covering:
    • marketing calls, emails, texts and faxes
    • cookies (and similar technologies)
    • keeping communications services secure
    • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings

These pages will be periodically updated and we will notify colleagues when new information or guidance is available.