Data Protection

The Data Protection Act (“the Act”) came into force on 1^st March 2000. The Act is derived from Article 8 of the European Convention on Human Rights 1950 that provides a “right to respect for one’s private and family life, his home and his correspondence”, essentially personal privacy.

The Act gives individuals rights over their personal data and protects individuals from the erroneous use of their personal data. The Act also requires anyone who handles personal data to comply with a number of important principles and legal obligations.

These pages provide advice and guidance on a number of different University areas (as below) in which the Act is relevant.

General information about the Act

Includes glossary, the Data Protection Principles, exemptions and offences under the Act.

Guidelines and Policies

Includes Data Protection guidelines, CCTV Code of Practice and advice on writing references.

Training

Mandatory online data security training module for all University staff and a more detailed module covering all aspects of the Data Protection Act.

Advice for Faculties and Departments

Includes advice on collecting personal data, access to exam marks/scripts and processing data off campus.

Advice for Individuals

Includes information on how to access your personal data.

Advice on Research

Includes information regarding consent, anonymisation of records and the use of clinical photography and digital recordings.

Information Security

Web pages maintained by IT Services (in partnership with the Secretary's Office) offering advice and guidance in relation to a variety of information security issues.

Latest news

Includes University news and updates on data protection and news and views from the Information Commissioner's Office.