For immediate action by all staff – GDPR preparedness

Issued: Thu, 17 May 2018 13:16:00 BST

As you will be aware, an important new regulation comes into force on Friday, May 25 – the General Data Protection Regulation (or GDPR). Designed to give more control to individuals on how their personal data is used, it has significant and far-reaching implications for organisations, including ourselves, and how we work.

I am grateful for the work done to date across the University in preparing for this new legislation but would urge you all to give renewed efforts to assessing how you use personal data, ensuring that it is only processed or kept when actually necessary and deleting any data you have on individuals that is no longer needed by you. Please don’t keep the information ‘just in case’. This includes copies of records on central systems, mailing lists that are no longer used, applicants for posts, results for previous student cohorts etc.

The University is required to document the reasons for holding data on individuals and to share with those individuals what we do with their data. So-called Privacy Notices are being developed by the University for publication for our main activities – holding staff, student and alumni data. If you use data for other purposes you will need to develop a privacy notice for that – please see the Privacy Notice template and associated guidance for more details.

For more information please refer to the University’s GDPR webpages or contact the Data Protection and Freedom of Information Office at

With many thanks for your help in this important matter.

Anton Muscatelli
Principal and Vice-Chancellor