When is the Processing of Personal Data Legal?

The Rules for processing personal and sensitive personal data, as laid down in Schedules 2 and 3 of the DPA, are described elsewhere in this A to Z Guide.

Processing of personal data within, and by, the University is only legal when the processing is defined by the University's Notification with the Information Commissioner's Office [ICO]. The ICO is the official regulator for the Data Protection Act 1998. The current Notifications adequately cover the legitimate processing of personal data within the University. The Notification, in conjunction with the University's procedures, takes into account the rules for processing personal and sensitive personal data.