The University takes individuals’ privacy very seriously and is committed to compliance with its obligations under data protection law.

Data Protection Law

The General Data Protection Regulation (EU) 2016/679 (GDPR) and the Data Protection Act 2018 (DPA) (together the “Data Protection Legislation”) govern how the University collects and uses individuals’ information and the rights of individuals in respect of that information. The University is obliged to comply with the 6 data personal data principles of the GDPR:

  • Lawfulness, fairness and transparency: personal data shall be processed lawfully, fairly and in a transparent manner
  • Limited to purpose: personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (historical research and statistical purposes and public interest archiving excepted)
  • Data minimisation: personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
  • Accuracy: personal data shall be accurate and, where necessary, kept up to date
  • Limited storage: personal data shall be kept in a form which permits identification of the data subject for no longer than is necessary for the purposes for which the personal data are processed (historical research and statistical purposes and public interest archiving excepted, subject to appropriate safeguards)
  • Integrity and Confidentiality: personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures

How we comply with the above requirements is set out in the University’s Data Protection Policy.


Your rights under Data Protection Legislation

The University of Huddersfield takes your rights under Data Protection Legislation very seriously. To find out more about your rights under Data Protection Legislation.


How does the University handle data? -"Privacy Notices"

The University describes in general terms how personal data is handled. These descriptions are called "Privacy Notices" and links to the University’s privacy notices are set out below. In addition, specialist areas such as the Podiatry Clinic will have their own notice which they can provide you with on request.

The University’s Data Protection Officer is responsible for managing the University’s Data Protection compliance as well as coordinating data protection requests from individuals. The Data Protection Officer can be contacted as

Further general guidance is also available from the Information Commissioner's Office


Guidance for Staff

Please see the University’s Data Protection portal for staff, which includes data protection guidance and the answers to frequently asked questions.

Good records management, information security and adherence to the University retention schedule will help the University comply with the Act. The way our staff go about their daily tasks is vital to this. Please see the Records Management and Information Security webpages for further information.

If you need to notify the University of a suspected data breach, please complete the Data Breach Evaluation Form.



CCTV Code of Practice

Download the PDF regarding CCTV Code of Practice

Data Breach Reporting

Find out more about Data Breach Reporting

Guidance for Staff

Find out more about Guidance for Staff

Record of Processing Activities

Find out more about the Record of Processing Activities