Data protection and GDPR
The University of Sheffield needs to collect, retain and process information about employees, students and other people to allow it to perform academic and administrative functions and to meet legal and regulatory obligations to sector bodies and government.
Where it is necessary for the University to hold and process personally identifiable information it will do so in compliance with its statutory obligations to the data subjects.
All University of Sheffield staff have a responsibility to protect personal information; you must abide by all relevant policies and procedures. Any actual or suspected breaches must be reported immediately.
You can view the roles, responsibilities and structure for information management governance at the University:
From 25 May 2018 the Data Protection Act (DPA) will be replaced by the General Data Protection Regulation (GDPR). We are updating our policies and guidance to adopt this new legislation, if you have any queries then please contact our Data Protection team.
How to manage personal information
Anyone who deals with personal information is required to handle that information appropriately. This applies to all individuals and organisations processing personal information on behalf of the University.
Report a breach
To report a breach, or a suspected breach please follow the Information Security Incident Policy.