Data Protection

The 1998 Data Protection Act (which came into force on 1 March 2000) is concerned with data relating to living, identifiable individuals; how this data can be used; to whom it may be transferred and in protecting the rights of people regarding their own data.

The University has a Personal Information Policy sets out the legal requirements for members of the University who process personal information for any reason.

Personal data collected purely for research or statistical purposes is exempt from the main terms of the Act as long as the following conditions are met:

  • individuals are not identified on publication.
  • no distress or damage is, or is likely to be, caused to an individual.

Unlike data collected for other purposes, research data may be used for further research studies, and by other researchers. Research data may also be kept indefinitely, and people whose data is studied as part of a research project do not have the automatic right to access that data, as they do if it is held for other purposes. Data originally collected for research may not subsequently be used for non-research purposes. If you have any queries on data protection or personal data matters, please contact the University Data Controller, Department of Corporate Information and Computing Services.