Data Protection

The Data Protection Act sets the rules for the handling of personal information by the University both electronically and manually. Personal information is all information regardless of format held by the University about identifiable living individuals. It aims to promote high standards in the handling of personal information and to protect the individual’s right to privacy. To do this the Data Protection Act has 8 principles of good information handling. These principles are detailed in the University Code of Practice and practical demonstrations of each principle are given in the DP Training pages.

Each Faculty and Service has a DP Contact to assist with compliance of DP in their area. Specific advice is available for staff and students dealing with individual projects that include personal data.

Actions that the University takes to ensure that its staff and students comply with the requirements of the Data Protection Act:

• All staff/students must comply with the University's Data Protection Code of Practice.

• The University must inform the Information Commissioner of all the uses it makes of the information that it collects. These uses are published by the Commissioner on his web pages. All staff/students must only process personal information in line with the requirements of the Data Protection Notification guidelines.

• All staff/students are informed of the use to which the University puts the information it collects on students in the Student Data Protection Processing Statement.

• Each member of Senior Management Team is responsible for the implementation of the Data Protection Act in their areas. They appoint Data Protection Contacts to formulate, maintain and develop procedures to be followed in their Faulty or Service to ensure that they can meet the requirements of the Act. View list of Data Protection Contacts.

• The Data Protection Code of Practice sets out the requirement for a biennial audit of Data Protection Procedures in Facuties and Services to check that actions taken in respect of personal information in the University comply with the requirements of the Data Protection Act. Procedures have been developed on how this audit should be conducted and these can ve viewed at Data Protection Audit- How to Carry out the University Data Protection Audit.

• The University provides detailed Data Protection Training for staff and students on specific Data Protection issues.

Contact: Alex Bostock, Ext 2561