Data Protection policies

The University has a number of policies related to data protection and privacy, as below. It is important that all staff are aware of the content of the Data Protection and Information Security Policies, and the University's data classifications, which categorises different types of personal data based on the level of sensitivity and risk.

Data Protection Policy - IGP-02 (PDF, 372kB) - Sets out how the University processes the personal data it holds (relating to students, staff, research participants and other third parties). Outlines the University's responsibilities under data protection legislation and regulation, stating how it complies, and providing instruction for staff handling personal data.

Information Security Policy
The University's overarching information security policy, covering all forms of information (including personal data).

Staff data protection notice
How the University uses the personal data of its members of staff.

Student data protection notice
How the University uses the personal data of its students.

Research participant data protection notice
How the University uses the personal data of research participants.

Parent or carer data protection notice

How the University uses the personal data of students' parents or carers.

Data Protection Impact Assessment Policy - IGP-08 v1.1 (PDF, 475kB)‌

Identifying the need for, undertaking and implementing Data Protection Impact Assessments (DPIAs), as required by GDPR to address risks to individuals whose personal data is being processed. Data Protection Impact Assessment Screening Questions (Office document, 47kB) will determine whether a full DPIA is needed. The Data Protection Impact Assessment (DPIA) Form (Office document, 58kB) should be used to conduct a full DPIA.

Data protection statement for collaborative programmes of doctoral training

Details the use of personal data of applicants and students on collaborative programmes of doctoral training.

Information Classification Scheme - IGP-10 (PDF, 68kB)

Information Classification Scheme ‌
Classifications of the level of confidentiality of different types of University information (including personal data).

CCTV Code of Practice

Details of the purpose and operation of the University's CCTV system.

University Secretary's Office

Data Protection policies

Information for

Connect with us

Study at Bristol

Research

About the University

Support the University

Jobs

A–Z of the University