Data Protection policies

The University has a number of policies related to data protection and privacy, as below. It is important that all staff are aware of the content of the Data protection and Information security policies, and the University's data classifications, which categorise different types of personal data based on the level of sensitivity and risk.

ICP-02 Data protection policy

This policy sets out how the University processes the personal data that it holds (relating to students, staff, research participants and third parties). It outlines the University’s responsibilities under data protection legislation and regulation, setting out how it will comply, and provides instruction for staff handling personal data

ISP-01 Information security policy

The University's overarching Information security policy, covering all forms of information (including personal data).

Data Protection Impact Assessments

Identifying the need for, undertaking and implementing Data Protection Impact Assessments (DPIAs), as required by GDPR to address risks to individuals whose personal data is being processed. Data Protection Impact Assessment Screening Questions (Office document, 47kB) will determine whether a full DPIA is needed. The Data Protection Impact Assessment (DPIA) Form (Office document, 58kB) should be used to conduct a full DPIA.

Information classification

Classifications of the level of confidentiality of different types of University information (including personal data).

CCTV Code of Practice

Details of the purpose and operation of the University's CCTV system.