Data Protection & Freedom of Information Office

Personal Data

Data protection legislation regulates the processing of personal data about a living individual (data subject). Personal data is any information relating to a data subject who can be identified, directly or indirectly by that information including: 

• Name
• Staff or student number
• Location data
• Online identifier such as IP addresses or cookies
• Pseudonymised data
• Any factors specific to physical, physiological, genetic, mental, economic, cultural or social identity

Personal data may occur in any format or context where the identifiable data subject is the focus of or particularly relevant to the data, including:

• Any expression of opinion about an individual;
• Any indication of any intentions in respect of an individual;
• Paper, card, CCTV screen or recording media, or stored in a filing cabinet or in any IT system;
• It can be in an e-mail, letter, minutes, reference, card index, database record, etc.

Personal data can only be processed if a relevant lawful basis for processing is identified and met. 

There is a sub-category of personal data called special categories of personal data, where additional processing conditions apply. Please see the special categories of personal data A-Z entry for further guidance.