Data Protection policies

The University has a number of policies related to data protection and privacy, as below. It is important that all staff are aware of the content of the Data Protection and Information Security Policies, and the University's data classifications, which categorises different types of personal data based on the level of sensitivity and risk.

Data Protection Policy - IGP-02 v1.4 (PDF, 347kB)

Sets out how the University processes the personal data it holds (relating to students, staff, research participants and other third parties). Outlines the University's responsibilities under data protection legislation and regulation, stating how it complies, and providing instruction for staff handling personal data.

Information Security Policy

The University's overarching information security policy, covering all forms of information (including personal data).

Staff data protection notice

How the University uses the personal data of its members of staff.

Student data protection notice

How the University uses the personal data of its students.

Research participant data protection notice

How the University uses the personal data of research participants.

Parent or carer data protection notice

How the University uses the personal data of students' parents or carers.

Data Protection Impact Assessment Policy - IGP-08 v1.1 (PDF, 475kB)

Identifying the need for, undertaking and implementing Data Protection Impact Assessments (DPIAs), as required by GDPR to address risks to individuals whose personal data is being processed. Data Protection Impact Assessment Screening Questions (Office document, 47kB) will determine whether a full DPIA is needed. The Data Protection Impact Assessment (DPIA) Form (Office document, 58kB) should be used to conduct a full DPIA.