Policies and Statements

The Vice Chancellors Board has endorsed this policy to ensure that information stored and processed by the University, or on behalf of the University, across all University activities, in any form and in any location, is securely protected against the consequences of breaches of confidentiality, and failures of integrity or interruptions to the availability of that information.

The Information Security Policy is the top-level information Security Policy document for the University. There are other policies and procedures and standards that fall within this document:

• Information Security Classifications
• Data Security Policy for Portable Electronic Devices
• Acceptable Use Policy
• Records Management Policy

Data Protection and Disposal Policy

The Data Protection Act (DPA) aims to ensure personal privacy, through giving individuals rights with regards to information about themselves and putting responsibilities on organisations who process this information. When processing personal data, organisations must comply with the following principles:

1. Personal data shall be processed fairly and lawfully.
2. Personal data shall be obtained only for one or more specified purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
3. Personal data shall be adequate, relevant and not excessive.
4. Personal data shall be accurate and where necessary, kept up-to-date.
5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary.
6. Personal data shall be processed in accordance with the rights of data subjects under the Act.
7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
8. Personal data shall not be transferred to a country outside of the European Economic Area, unless that country ensures an adequate level of protection.

How we process your data

Policies 

• DATA PROTECTION AND DATA DISPOSAL POLICY
• Data Security Policy for Portable Electronic Devices
• Freedom of Information Policy
• Information Security Classifications
• Information Security Policy
• Mobile and Remote Working Policy
• Privacy Impact Assessment Policy
• Serious Information Governance Incident Procedure

Privacy Notices

• Alumni Privacy Notice
• Board of Governors Privacy Notice
• Events Privacy Notice 2022
• Generic Privacy Notice
• Research Participant Privacy Notice
• Staff Privacy Notice
• Staff Privacy Notice Table
• Student Privacy Notice
• Student Privacy Notice Table