Are your Privacy Notices GDPR compliant?

Issued: Tue, 08 May 2018 10:56:00 BST

The General Data Protection Regulation (GDPR) will come into force on 25 May bringing new obligations for the University and each of us to be demonstrably transparent and accountable to all of the individuals whose personal data the University processes. The required means of communicating such information is via a Privacy Notice.

Under the GDPR, Privacy Notices need to be tailored to individual processing purposes, providing a defined and specific wide range of information in a clear and transparent way to ensure each data subject is able to fully understand exactly how and why their personal information will be gathered, controlled and processed.  This should include what the lawful basis is for each particular processing purpose.

The University will produce separate Staff and Student Privacy Notices which will set out in detail the uses made of their personal data. You should first check whether the processing of data within your project/initiative is already included in these Privacy Notices. If not, then you will need to provide a specific Privacy Notice to data subjects whose personal information you are processing.

Templates and guidance on how to ensure that your Privacy Notices are GDPR compliant are now available on the University GDPR pages 

Further information on Privacy Notices is also available on the Information Commissioner’s Office website 

If you can’t find the answers you need, please get in touch with the DP&FOI Office at