information management and compliance

The university’s aim is to deliver our services efficiently and transparently; this includes the effective management of organisational information that includes the collecting and processing of personal information. 

To support this, we have developed an Information Governance Framework, supporting policies and Records Retention Schedule.

The university's Strategic Information Management Group has responsibility for recommending policy, monitoring and reporting on compliance and risk and the university Information Management Operations Group oversees delivery and dissemination of best practice.

The Data Protection Officer (DPO) acts independently and is responsible for informing and advising the university and our staff of their obligations under data protection related legislation.  This includes privacy by design, using data protection impact assessments where required. The DPO is also responsible for the provision of advice and monitoring the university’s compliance with all European and UK data protection law and the university’s data protection related policies. The DPO also acts as a contact point for communication with the Information Commissioner’s Office and for data subjects (members of the public and employees) where there are concerns or queries regarding Data Protection.

The university as a data controller under FOIA and DPA 2018 is required to maintain a Publication Scheme, provide the details of its Data Protection Officer. The Information Commissioners Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals and the university is registered with the ICO as a Data Controller and its Data Protection registration number is: Z6734933.