Data protection legislation

Our Data Protection Policy was approved by the University Court in December 2021  and covers our legal obligations under the EU General Data Protection Regulation (the GDPR), the UK GDPR and the UK Data Protection Act 2018, alongside all the other privacy laws that apply in the jurisdictions where the University operates. EU General Data Protection Regulation (the GDPR) and the UK Data Protection Act 2018.

The pages below break down our policy into HTML pages which we hope users will find useful. At present we have constructed pages on:

  • our data protection policy
  • how we monitor, evaluate and implement the policy
  • how to deal with subject access requests
  • the roles and responsibilities under data protection
  • data protection terminology.

We are also planning to construct pages which will provide guidance on:

  • data processing agreements
  • informed consent for recordings and images
  • conditions for processing personal and 'sensitive personal' data
  • privacy and electronic communication regulations (referred to as PECR) covering:
    • marketing calls, emails, texts and faxes
    • cookies (and similar technologies)
    • keeping communications services secure
    • customer privacy as regards traffic and location data, itemised billing, line identification, and directory listings.

These pages will be periodically updated and we will notify colleagues when new information or guidance is available.

Key information

Ann Jones