Data Protection/GDPR

General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 replacing the Data Protection Act 1998. The UK will also be subject to a separate Data Protection Bill that will legislate on areas outside of the GDPR and those areas where member states are required to implement their own law. Once passed this will become the Data Protection Act 2018.

The University creates, gathers, stores and processes large amounts of data on a variety of data subjects such as students, staff and customers. The University takes its responsibility seriously to ensure that data is secure and protected in line with the law. 

The University has prepared a suite of documentation which explains how it processes personal data, how it is kept securely and which provides guidance to staff

GDPR Policy - The Policy sets out the responsibilities of the University, its staff and students to comply with the provisions of GDPR.

GDPR Guidance Handbook – provides information and guidance on different aspects of data protection and security.

Forms and Templates - including DPIA forms and templates for privacy notices

Privacy Notices – These notices explain for our main groups of data subject, what we do with their personal data, who we share their data with and how we keep it secure.

Online GDPR Training - Training course on GDPR that is part of the staff induction material

Data Classification and Handling Policy – This policy provides a framework for classifying and handling data to ensure that an appropriate degree of protection is applied to all data held by the University.

If you need to report a data protection breach please complete a Data Proection Breach web form (follow the links to IT > Cyber Security then use the 'Report a Data Protection Breach' button on the top right).  If you can't access the webform or need to provide further information email:  

There is information about breaches in the GDPR Guidance Handbook.