• Home
  • Login
  • Welcome to the Staff Intranet

​The Data Protection Principles


The GDPR sets out seven principles governing the use of personal information. The main purpose of these principles is to protect the interests of the individuals whose personal data is being processed by the University and they apply to everything we do with personal data, unless an exemption applies.

Image of padlock and PC screen


These principles ensure that personal information is:


1. Processed fairly, lawfully and transparently


2.  Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with these purposes


3.  Adequate, relevant and limited


4.  Accurate and up to date


5.  Kept in a form which permits identification of data subjects for no longer than is necessary


6.  Processed in a manner that ensures appropriate security


7.  The Controller shall be responsible for and demonstrate accountability


The full provisions governing these principles are available in Article 5 of the GDPR


Further guidance is available on the UK Information Commissioner's website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/ 


UK Information Commissioner's Guidance on Personal Data

There are several steps to determining whether data (electronic or manual) is personal data for the purposes of Data Protection legislation. Guidance can be found on the UK Information Commissioner's website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/key-definitions/what-is-personal-data/