Code of Practice
Data Protection Principles
Frequently Asked Questions
General Data Protection Documents
Oaths of Confidentiality
Processing Data for Research Purposes
Security of Personal Data
Data Sharing
Internet, Online and Web 2.0 Services
Privacy Impact Assessments
International Transfers of Personal Data
Student Advice
CCTV Code of Practice
Guidance on References
Access to Personal Information
Destruction of Personal Data
Exam Board Minutes
Information Governance Group
Training

The Data Protection Principles

The Data Protection Act sets out eight principles governing the use of personal information. The main purpose of these principles is to protect the interests of the individuals whose personal data is being processed by the University and they apply to everything we do with personal data, unless an exemption applies.

Image of padlock and PC screen

These principles ensure that personal information is:

1. Fairly and lawfully processed

2. Processed for limited purposes

3. Adequate, relevant and not excessive

4. Accurate and up to date

5. Not kept for longer than is necessary

6. Processed in line with individuals’ rights

7. Kept secure

8. Not transferred to other countries without adequate protection

The full provisions governing these principles are available in: Schedule 1 part 2 of the Data Protection Act

Further guidance is available in the University’s Data Protection Code of Practice.