New Data Protection Officer appointed

Tom Rottinghuis will be the main point of contact for all data protection enquiries

News story
Published on Monday 22 June 2026
Last updated on Monday 22 June 2026
View more announcements in Department of Risk, Resilience and Compliance

Portrait photo of Tom Rottinghuis — Tom Rottinghuis, new Data Protection Officer

Tom Rottinghuis replaces Sam Sherry as the University's new Data Protection Officer (DPO). This is an independent statutory role within the University’s Legal, Governance and Compliance department.

The University’s DPO provides advice and guidance on Data Protection, assesses risks relating to privacy, confidentiality and personal data, and works collaboratively across the University to embed robust safeguards in our policies and procedures.

The DPO also oversees Subject Access Requests (SARs) and related issues, and investigates data breaches and near misses. If you or a colleague has been approached about a SAR or are involved with a data breach, please contact the DPO at dataprotection@bath.ac.uk immediately.

Ian Blenkharn, University Secretary and Registrar said:

I'm delighted that Tom Rottinghuis will be joining us at a particularly exciting time for the University's information governance. Over the next few years, Tom will form an essential part of our team as we expand and focus on increasing the data literacy of the University and ensuring that the data of our students and staff remain secure and well managed.

Tom Rottinghuis said:

The University of Bath is incredibly impressive, innovative and vibrant and I am excited to have been appointed as your DPO. I will probably not convince everyone to share my passion for the GDPR, but I really look forward to working with you to ensure that procedures are not just legally compliant and ethical, but also realistic, and conducive to your work. Like Health and Safety, Data Protection is a shared responsibility, so please contact me if you have questions, suggestions or concerns!

Tom Rottinghuis joins us from The Forward Trust, a national social justice charity dedicated to empowering individuals to break the cycles of addiction, crime, homelessness, and long-term unemployment. The Forward Trust works at the crossroads of several highly regulated sectors and processes extensive special category, criminal offense, and other highly sensitive data of over 150,000 service users.

Besides his statutory duties as their DPO, Tom supported the charity in achieving ISO 27001:2022 certification and played a key role in the charity’s journey to responsibly adopt AI and other innovative systems. Tom also worked as DPO and in related roles for several other CQC-regulated charities, and for Brussels’ public libraries. Before pivoting into Data Protection, Tom worked for international non-profits and in the European Parliament.