Data Protection/GDPR

Data Protection legislation in the UK is currently governed by two main pieces of legislation, the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

The University creates, gathers, stores and processes large amounts of data on a variety of data subjects such as students, staff and customers. The University takes its responsibility seriously to ensure that data is secure and protected in line with the law. 

The University has prepared a suite of documentation which explains how it processes personal data, how it is kept securely and which provides guidance to staff

Data Protection (GDPR) Policy - The Policy sets out the responsibilities of the University, its staff and students to comply with the provisions of UK GDPR.

Data Protection (GDPR) Guidance Handbook – provides information and guidance on different aspects of data protection and security.

Forms and Templates - including DPIA forms and templates for privacy notices

Privacy Notices – These notices explain for our main groups of data subject, what we do with their personal data, who we share their data with and how we keep it secure.

Online GDPR Training - Training course on UK GDPR that is part of the staff induction material (this can be accessed your Portal 'My Staff Life' and 'HR&OD Staff Development Opportunities' then 'University Induction Information and Support'

Data Classification and Handling Policy – This policy provides a framework for classifying and handling data to ensure that an appropriate degree of protection is applied to all data held by the University.

If you need to report a data protection breach, please complete a Data Protection Breach web form (follow the links to IT > Cyber Security then use the 'Report a Data Protection Breach' button on the top right).  If you can't access the webform or need to provide further information email: databreach@stir.ac.uk.  

There is information about breaches in the GDPR Guidance Handbook.