Skip to navigation | Skip to main content | Skip to footer
Search the Staffnet siteSearch StaffNet


The University needs to hold and process large amounts of personal data about its students, employees, alumni, contractors, research subjects and other individuals in order to carry out its business and administrative functions. This data is subject to the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 and concerns all administrative, academic and commercial areas within the University.

The University must ensure that it fully complies with the provisions of data protection law. It is important that all staff members who work with personal data familiarise themselves with data protection principles and our obligations. Failures or weaknesses in our processing of personal data can result in significant harm and distress to individuals who may be affected and may also cause significant reputational damage to the University.

This website has been designed to provide guidance on data protection for University staff and students who are involved in the handling of personal data and to develop a better understanding of the University's obligations in relation to processing personal data.

What is personal data?

Personal data is any information relating to an identified or identifiable person – this could include reference to their name, identification number, location/address, or other factors relating to their identity. This includes information which can be combined with other information to identify a person.

For example this could be:

- a list of addresses (including email);
- electronic identifiers, (including RFiDs, IP Addresses because these can be combined with other information held eslewhere to identify a person)
- special category information (including People & OD records concerning race, gender, union membership etc ) concerning staff and students
- candidates CVs or application information;
- correspondence with staff relating to sickness; and so on.

If you’re not sure if something is classed as personal data contact your Information Governance Guardian.