The Data Protection Act 1998 governs the handling of data held about individuals and the rights of individuals to access that data. The University is obliged to comply with the 8 principles of the Data Protection Act for handling personal data as follows:
The University’s Data Protection Policy sets out how the University aims to comply with the Data Protection Act 1998. Details are also available to all staff and students as to how personal information is handled – these are provided below and can also be found in the Staff Handbook and Students' Handbook of Regulations.
Further general guidance is available from the Information Commissioner's Office .
Good records management and information security will help the University comply with the Act. The way our staff go about their daily tasks is vital to this. The University Solictor is the University's Data Protection Officer and is responsible for providing help and guidance on applying the Data Protection Act, as well as for co-ordinating subject access requests from individuals.
Some individual areas of the University have specific and additional Data Protection and/or Confidentiality Policies, for example, Student Services or the Podiatry Clinic, because their work is of a very specialist nature or may involve people who are not staff or students of the University.
Under the Data Protection Act 1998 individuals have the right to ask whether information is held about them and if so what it is. This is called a "subject access request". Please complete the Subject Access Request Form and return it to the University Solicitor (address on the form) with evidence of your identity and the £10 subject access request fee.
Further information about subject access requests can be obtained from the Information Commissioner's Office.
The University describes in general terms how personal data is handled. These descriptions are called "Privacy Notices".