Data Protection Policy Statement
Edinburgh Napier University is committed to protecting the rights and freedoms of individuals with respect to the processing of their personal data. This is done in accordance with:
- The Data Protection Act 1998 (the Act)
- associated legislation
- case law and the spirit of the Act
- the University’s notification with the UK Information Commissioner, which sets out the purposes for which the University holds and processes personal data about employees, students, graduates and others
1. All users of personal data at Edinburgh Napier University are required to comply with:
- The Act
- the University’s Data Protection Code of Practice and Information Security Policies
- associated University policies, procedures and guidance on the provisions and practical implementation of the Act
2. These requirements apply to all personal data created and received, regardless of where it is held and irrespective of the ownership of the equipment used, if the processing is for Edinburgh Napier University purposes.
3. Any breach of the University’s policies, procedures or guidance may result in the University being legally liable for the consequences and internal disciplinary action being taken.
1. The University’s Governance Officer (Data Protection & Legal) is responsible for day-to-day compliance, developing guidance and providing advice and training to staff
2. The University Secretary has overall responsibility for ensuring that the University complies with the Act and its associated legislation.
The Data Protection Act sets out eight principles governing the use of personal information with which all University users must comply unless an exemption applies. These principles ensure that personal information is:
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept for longer than is necessary
6. Processed in line with individuals’ rights
7. Kept secure
8. Not transferred to other countries without adequate protection
The full provisions governing these principles are available in:
Schedule 1 part 2 of the Data Protection Act
Further guidance is available in the University’s Data Protection Code of Practice.
Download the University's Data Protection Policy Statement as a print-friendly PDF.