Guidance for Students

Guidance for Students

What is the Data Protection Act?

  • The Data Protection Act 1998 (DPA) gives rights to all individuals, including staff and students, about whom the University holds personal information -- or personal data in DPA terms -- and gives responsibilities to the University regarding that information.
  • The University is committed to a policy of adhering to the eight basic principles of the DPA . The principles aim to protect the rights and freedoms of individuals with respect to the processing of their personal data and sensitive personal data, regardless of the format or media in which the personal data is held or, in respect of IT systems utilised for University purposes, the ownership of the equipment.
  • The University sets out the purposes for which it holds and processes personal data in its Notification to the UK Information Commissioner.
  • The  UK Information Commissioner's Office is the UK's independent public body set up to protect personal information, and to regulate and enforce the Data Protection Act.  It provides guidance to organisations and individuals, rules on eligible complaints, and can take action when the law is broken. The Commissioner has powers to order compliance and prosecution.


What is personal data?

Personal data can be an image/picture, document, statement, or record in a filing system, from which you as an individual person can be identified, and where;

  • you are the focus of the document or record,
  • the information is particularly relevant to you,
  • the information includes significant biographical facts and opinions about you,
  • the information affects your privacy in your personal, educational, or professional life.

Examples of personal data include the contents of an individual student file, home phone number, assessment or marks, or email detailing personal activities.

The mere mention of your name in a document, for example as a record of attendance at an open meeting, is not enough to make the information in that document personal data about you.


What personal data do you hold on me?

  • In brief, the University will process or use personal data about you for academic, administrative, management, pastoral, and health and safety reasons.
  • The personal data section of the University Calendar describes in detail the reasons why and how the data about you as a student has to be collected, processed, and secured by the University.

How can I access information held on me?

  • Colleges and Schools are responsible for providing assessment information to students. Contact your College or School in the first instance if you require your academic or assessment information.
  • The University's Senate Office provides detailed guidance to Colleges and Schools on the management and retention of information and records relating to teaching material and assessment performance.
  • The DPA provides a formal procedure, called the Subject Access Request, for an individual to request details of information about themselves that is held by the University.
  • It is University policy that Colleges and Schools are responsible for releasing information on assessment (including examination marks) to students.  Students should only need to submit a Subject Access Request to the Data Protection Office if they require their personal file, minutes of examiners' meetings, or advice on data protection issues, or where more complex DPA issues are evident.
  • If you require a copy of your degree, a transcript, or a certifying letter relating to your studies for employment or any other reason, please contact Student Services for this information 
  • If you require advice or further assistance in accessing information held on you by the University, please contact the Data Protection and Freedom of Information Office.

What information will the University share with third parties?

  • Schedule III(3) of the DPA allows authorised agencies, such as the police, hospitals, and other emergency services, to request information from the University about a specific student in emergency situations in order to protect the vital interests of that student or another individual
    • These emergency situations may include medical emergencies, accidents, and next-of-kin requirements.
  • Section 29(3) of the DPA provides authorised agencies such as the police with the mechanism to request, and the University the authority to release or decline to release, information about a student for the purposes of the prevention or detection of crime and the apprehension or prosecution of offenders.
    • Explicit consent from the student in question is not required to release their information.

CCTV and IT monitoring

  • The University operates CCTV and similar equipment to monitor safety and security.
    • The University may monitor telecommunications, data communications, and other communications as permitted by the relevant legislation and University regulations.
  • The University's IT Services undertake monitoring of IT systems and services according to its regulations and policies.
  • A brief summary of the legislative framework for monitoring and interception of communications is available.