Skip to main content

Data Protection at the University

Provides individuals with the right to know what information is held about them by the University and how to request access to it.

Data protection

The Data Protection Act provides individuals with the right to know what information is held about them by the University and get access to it. Our Data Protection Policy.

The Data Protection team manages requests for personal information and provides guidance and support to staff, students and individuals to ensure the University is in compliance with the Act.

In May 2018 The General Data Protection Regulation (GDPR) came into force in the EU and a new UK Data Protection Act 2018 (implementing the GDPR in the UK) replaced the old 1998 Data Protection Act (DPA). GDPR update

Request personal information

You can obtain copies of information that we hold about you by submitting a Subject Access Request to the Data Protection Team:

Manage personal information

If you are involved in collecting, managing and storing personal information in your role at the University, you must understand and apply the Six Principles of Data Protection to your work.

To help understand your main responsibilities, we have provided guidance on:

We've also provided specific guidance on complying with the data protection act including how to respond to requests for information, supervising research students and the process for filming or photographing on campus.

Report a breach

Data Protection applies to all staff. A serious breach of one or more of the Data Protection principles can result in a fine of up to £17 million from the Information Commissioner. Individuals can also face criminal charges under certain conditions.

If you think there has been a breach, or potential for a breach, of the Act, then you must follow our guidance and report it immediately.


For any questions or concerns about Data Protection at the University, email the Data Protection team.