You are here

Data Privacy

On 25 May 2018 The EU General Data Protection Regulation replaces the UK Data Protection Act 1998.  This legislation relates to the processing of personal data about identifiable, living individuals.

The University has to comply with the requirements of this legislation, which regulates the processing of personal data and protects the rights of individuals whom the data is about by placing duties on those who decide how and why such data is processed. More information about this and the legislation can be found by clicking on the links below and if you have any queries or concerns please email the University Data Protection Officer.

 

Glossary

Please view our data privacy gloassary below.

 

Applicable data protection legislation

 

The UK Data Protection Act 1998, the EU General Data Protection Regulation ((EU) 2016/679) and any applicable equivalent or replacement legislation.

 

Consent

 

Agreement which is freely given, specific, informed and unambiguous.

 

Data Breach

 

A personal data breach means the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.

 

Data Controller

 

The person or organisation that determines when, why and how to Process Personal Data.

 

Data Privacy Impact Assessment

 

Also: DPIA. A standard assessment used to identify and reduce risks of a data processing activity.

 

Data Processor

 

Any person, company or organisation (other than an employee of the data controller) who processes Personal Data on behalf of a Data Controller.

 

Data Protection Officer (DPO)

 

An internal, statutory role, required to monitor and promote compliance with data protection legislation.

 

Data Subject

 

Any living, identified or identifiable individual about whom we hold Personal Data.

 

Data Subject Rights

 

The rights granted to Data Subjects by the applicable data protection legislation, including the right of access to their Personal Data, the right to correct it, and the right to deletion (see below, section 12).

 

Personal Data

 

Any information identifying a Data Subject or from which we could identify a Data Subject. Personal Data includes “Special Categories” of sensitive personal data and Pseudonymised Data but not anonymised data (data where any identifying elements have been removed).

 

Special Categories of Personal Data

 

A special subset of Personal Data, being any information revealing racial or ethnic origin, political opinions, religious or similar beliefs, trade union membership, physical or mental health conditions, sexual life or sexual orientation, biometric or genetic data, and Personal Data relating to criminal offences and convictions.

 

Processing or Process

 

Any activity that involves the use of Personal Data, whether manual or electronic, including obtaining, recording or holding the data, organising, amending, transferring, retrieving, using, disclosing, erasing or destroying it.

 

Privacy Notices

 

Separate notices setting out information that may be provided to Data Subjects when the University collects information about them. These notices may apply to a specific group of individuals (for example, employees) or they may cover a specific purpose (such as filming on campus).

 

Pseudonymised Data

 

Data which has been modified to replace information that directly or indirectly identifies an individual with artificial identifiers or pseudonyms so that the person, to whom the data relates, cannot be identified without the use of additional information which is kept separately and secure.

 

Third Party

 

Anyone other than the Data Subject and the Data Controller.

Subject Access Request form

If you wish to request a copy of your personal data, known as a Subject Access Request (SAR) this must be made in writing (this includes email) to the Data Protection Officer (DPO). To help the DPO with the request and to ensure that your request is processed quickly, please complete the request form.

Training

All staff are expected to complete the University’s online Data Protection training module. The module is mandatory for anyone who has direct responsibility for handling data.

Our policies

Cookie information

Our University