Data protection is a set of good practice rules for handling information about people and should ensure that people trust you to use their data fairly and responsibly.

If you collect information about individuals for any reason other than your own personal, family or household purposes, you need to comply.

The rules are set out in a range of UK and EU legislation, statutory codes of practice, regulatory guidance and case law. This includes the General Data Protection Regulation (GDPR) and the Data Protection Act 2018. See the GDPR and the DPA pages for more information.

The University Data Protection policy is available online.

The Information Commissioner's Office (ICO) regulates data protection in the UK. They offer advice and guidance, promote good practice, carry out audits and advisory visits, consider complaints, monitor compliance and take enforcement action (including fines) where appropriate.

The ICO have produced a Guide to GDPR, which is a useful tool.

Information security is also a key part of protecting personal data. Guidance on University information security policies and practices is available here.

Guidance on other aspects of data protection is provided on these pages.

Specialist terms used in data protection legislation and in these guidance pages are defined in the Glossary.