All staff, and students who process personal data, are under a general duty to comply with the Act. Individuals can face criminal charges under certain conditions if, without consent, they knowingly or recklessly, obtain or disclose personal data.

Members of staff and students who are processing personal data on behalf of the University must ensure that they comply with the University’s Data Protection Policy.  It is important that they complete an on-line registration form to ensure that the University’s registration with the Information Commissioner’s Office is up-to-date and covers their processing.

Individuals wishing to access information which is held about them by the University should see the section Information the University holds about me.

Legal Services have produced a guidance note on transferring personal data to external organisations.

Further general guidance can be found in the JISC Data Protection Code of Practice for HE and FE, and of course the Information Commissioner’s website is extremely useful.