The University of Suffolk has to comply with the UK General Data Protection Regulations (UK GDPR) which is tailored by the Data Protection Act 1998.
Under these regulations we have a duty to protect any personal data that we hold about you. This legislation relates to the processing of personal data about identifiable, living individuals. Under this legislation there are requirements which the University has to comply with for the processing of data, ensuring that the rights of individuals are protected and placing duties upon those who decide who and why such data is processed.
The Data Governance Team is your first point of call for all your questions regarding data governance. A snapshot of the areas in which we can assist you with are as follows:
Freedom of Information Requests (FOI)
Subject Access Requests (SAR)
Data Protection Impact Assessments (DPIA)
Data Breaches (internal and external)
Data Sharing Agreements
Advice and Guidance on Data Protection Matters
The Data Governance Team is made up of the following members of staff:
Fiona Fisk – Academic Registrar & Data Protection Officer
Hayley Lamb - Head of Data Governance
Tori Matthews – Directorate Co-ordinator, Student Life and Registry Services / Professional Assistant to the Academic Registrar
All email enquiries relating to data protection should be directed to the central email address email@example.com.
Please view our data privacy glossary below.
Applicable data protection legislation
The UK Data Protection Act 1998, the EU General Data Protection Regulation ((EU) 2016/679) and any applicable equivalent or replacement legislation.
Agreement which is freely given, specific, informed and unambiguous.
A personal data breach means the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
The person or organisation that determines when, why and how to Process Personal Data.
Data Privacy Impact Assessment
Also: DPIA. A standard assessment used to identify and reduce risks of a data processing activity.
Any person, company or organisation (other than an employee of the data controller) who processes Personal Data on behalf of a Data Controller.
Data Protection Officer (DPO)
An internal, statutory role, required to monitor and promote compliance with data protection legislation.
Any living, identified or identifiable individual about whom we hold Personal Data.
Data Subject Rights
The rights granted to Data Subjects by the applicable data protection legislation, including the right of access to their Personal Data, the right to correct it, and the right to deletion (see below, section 12).
Any information identifying a Data Subject or from which we could identify a Data Subject. Personal Data includes “Special Categories” of sensitive personal data and Pseudonymised Data but not anonymised data (data where any identifying elements have been removed).
Special Categories of Personal Data
A special subset of Personal Data, being any information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.
Processing or Process
Any activity that involves the use of Personal Data, whether manual or electronic, including obtaining, recording or holding the data, organising, amending, transferring, retrieving, using, disclosing, erasing or destroying it.
Separate notices setting out information that may be provided to Data Subjects when the University collects information about them. These notices may apply to a specific group of individuals (for example, employees) or they may cover a specific purpose (such as filming on campus).
Data which has been modified to replace information that directly or indirectly identifies an individual with artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is kept separately and secure.
Anyone other than the Data Subject and the Data Controller.
Under the Freedom of Information Act 2000, the University of Suffolk has to ensure that it makes certain information publicly available through a Publication Scheme. This scheme is a clear and structured way of presenting all of the information that it is obligated to provide.
The University's Publication Scheme covers:
- Who we are and what we are about
- What we spend and how we spend it
- What our priorities are and how we are doing
- How we make our decisions
- Our Policies and Procedures
- Lists and registers
- The services we offer
- Student charter
Our Publication Scheme is in line with the guidelines issued by the Information Commissioners Website (ICO).
In most cases, copies of these documents will be available in hard copy upon request. However, the University does reserve the right to restrict some documents from being obtainable in this format.
The Published Information Group chaired by the Director of External Relations meets regularly to review the information available through the scheme and ensures updates take place where and when necessary.
The University's Data Management Policy which relates to all things
Please view our privacy notices below:
- Student and Applicant Privacy Notice
- Employees & Other Workers Privacy Notice
- Alumni Relations and Development Team Privacy Notice
- Privacy notice for international applicants
- Student Life privacy notice
- The Office of Strategic and Philanthropic Relations privacy notice
- Enquiry form privacy notice
- DBS privacy notice
- Online Chat privacy notice
- Graduation privacy notice
- Post Graduate Surveys Privacy Notice
If you wish to request a copy of your personal data, known as a Subject Access Request (SAR) this must be made in writing (this includes email) to the Data Protection Officer (DPO). To help the DPO with the request and to ensure that your request is processed quickly, please complete the request form.
Freedom of Information
Under the rights established by the Freedom of Information Act 2000, any individual from anywhere in the world has the right to request access to any recorded information being held by the University of Suffolk. It should be noted, however, that some categories of information are exempt and will not be passed on - personal information, for example.
Please note that all information on the University of Suffolk website is provided free of charge. Other information may be provided free of charge, but we reserve the right to make an administrative charge if necessary.
We have made a lot of information available in the Publication Scheme webpages. Please check if the information you require is here before you make an information request.
How to make an information request
The University of Suffolk has a code of practice for managing Freedom of Information requests. All requests for information and all related enquiries should be made by completing the Freedom of Information Request form or by emailing firstname.lastname@example.org and be clearly labelled Freedom of Information request. Such requests will be passed on to the appropriate person and we will respond within 20 working days.
All staff are expected to complete the University’s online Data Protection training module. The module is mandatory for anyone who has direct responsibility for handling data.