Policies and Guidance

The University’s Data Protection Policy details how personal information will be processed by the University and applies to employees, contractors, University partners and external collaborators and visitors who may be authorised to access personal data held by the institution

The University's 'Appropriate Policy Document' sets out how the University will protect special category and criminal conviction information.  

Information Management Policy This policy outlines the University’s approach to information management at a high-level.

The Data Incident Procedure is to be followed when there has been a breach that involves personal data and breaches should be reported via the Data Incident Notification Form

Individuals involved in formal University Research (research staff & postgraduate and doctoral research) for which the University is a data controller must process personal data in line with the Guidance for University Researchers.  Students undertaking research work as part of their Undergraduate or Masters studies are considered to be themselves data controllers and should consider the following guidance.

For further information on 'Data Sharing' please view our webpages.

Further policies and guidance relating to data protection are available on the University's internal 'Connect' site.