The university has a statutory duty to ensure that the personal data and information it holds complies with the law and regulations to which it is accountable

Information compliance covers the legal framework and the standards that need to be established to ensure the university’s management of information operates within the law and the information rights of individuals such as providing the rights of access to public and personal information.

The key legislation the university must comply with includes the General Data Protection Regulation 2016 (GDPR), the Data Protection Act 2018 (DPA 2018), the Privacy and Electronic Communications (EC Directive) Regulations 2003 (PECR) and the Freedom of Information Act 2000 (FOIA).

The updated data protection legislation provides individuals with more control over the privacy of their personal information and protects the rights and freedoms of individuals when the University processes their personal data.

More information on how the university collects and processes (or uses) personal information can be found in the notification made to the Information Commissioner's Office (ICO) and in the university’s relevant Privacy Notice.