• Home
  • Login
  • Welcome to the Staff Intranet
 

Padlocked Notebook PCData Protection Policy Statement

 

Edinburgh Napier University is committed to protecting the rights and freedoms of individuals with respect to the processing of their personal data. This is done in accordance with:

  • The Data Protection Act 1998 (the Act)
  • associated legislation
  • case law and the spirit of the Act
  • the University's notification with the UK Information Commissioner, which sets out the purposes for which the University holds and processes personal data about employees, students, graduates and others

Compliance

1. All users of personal data at Edinburgh Napier University are required to comply with:

  • The Act
  • the University's Data Protection Code of Practice and Information Security Policies
  • associated University policies, procedures and guidance on the provisions and practical implementation of the Act

2. These requirements apply to all personal data created and received, regardless of where it is held and irrespective of the ownership of the equipment used, if the processing is for Edinburgh Napier University purposes.

 

3. Any breach of the University's policies, procedures or guidance may result in the University being legally liable for the consequences and internal disciplinary action being taken.

 

Responsibilities

Bank vault door1. The University's Governance Officer (Data Protection & Legal) is responsible for day-to-day compliance, developing guidance and providing advice and training to staff

 

2. The University Secretary has overall responsibility for ensuring that the University complies with the Act and its associated legislation.

 

The Data Protection Principles

The Data Protection Act sets out eight principles governing the use of personal information with which all University users must comply unless an exemption applies. These principles ensure that personal information is:

1. Fairly and lawfully processed

2. Processed for limited purposes

3. Adequate, relevant and not excessive

4. Accurate and up to date

5. Not kept for longer than is necessary

6. Processed in line with individuals' rights

7. Kept secure

8. Not transferred to other countries without adequate protection

 

The full provisions governing these principles are available in:

Schedule 1 part 2 of the Data Protection Act

 

Further guidance is available in theUniversity's Data Protection Code of Practice.

Download the University's Data Protection Policy Statement as a print-friendly PDF.