Data protection


The College is a centre of knowledge and training. Next to its people, information is its most important asset. Because of this, the College recognises the importance of protecting its information assets and, in particular, the information relating to its staff, students and other individuals in whatever form that information is held.

The College needs to keep and process certain information about such persons so that, for example, staff can be recruited and paid, courses organised, facilities provided and legal obligations to funding bodies and government complied with. As part of its teaching and research commitments it will also utilise information about other people eg. patients. In doing so, the College must comply with the Data Protection Act 1998 (DP Act 98) and process that information in accordance with the eight Data Protection Principles set out in the Act.

The College's Data Protection Officer will handle day-to-day issues relating to notification, advice on compliance and with subject access requests. Each department or division has appointed a Data Protection Co-ordinator, read the list.

All data, whether held electronically or manually, must be kept securely and not disclosed unlawfully.

Data protection Accordion

Policy, Codes of Practice and Guidelines

The College's Data Protection Policy and associated Codes of Practice are available online. In addition the College has produced further guidance.

Topics in this area:

External Internet Links


As an organisation which processes personal data, the College is required to notify the Information Commissioner's Office (the body that upholds information rights) on an annual basis. The College's registration number is Z5940050. A link to the College's registration entry on the Information Commissioner's website.

Rights of Access to Personal Data

The College respects the right of its staff, students and others to access any personal data about them which is being held in College data sets, either electronically or in a relevant filing system, as defined in the DPAct98, to check that it has been fairly obtained, that it is accurate, and to have such data corrected where necessary. It also recognises the right of a data subject to withdraw consent to the processing of personal data where such processing could cause them significant damage or distress.

Data protection principles

When processing personal information data must:

  1. be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met
  2. be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose
  3. be adequate, relevant and not excessive for those purposes
  4. be accurate and kept up to date
  5. not be kept for longer than is necessary for that purpose
  6. be processed in accordance with the data subject's rights
  7. be kept safe from unauthorised access, accidental loss or destruction
  8. not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data

Staff and students of the College, or others who process or use any personal information for the College, must ensure that they follow these principles at all times.


The following training courses are available to College staff:

Information Security Awareness training  This course can be accessed via Blackboard Learn and covers the following topics:

  • Why do we need to protect information?
  • Physical security and good practice
  • Accessing and sharing information
  • Threats and protection
  • Working away from your desk
  • Your responsibilities – How you can help
  • Researchers (optional)
  • Phishing
  • Bring Your Own Device (BYOD)
  • Cloud computing

Freedom of Information and Data Protection e-Learning course. This course covers the following topics:

  • A general introduction to the Data Protection Act and Freedom of Information Act
  • Oblication of the College, staff and students under the Acts
  • The 8 principles of the Data Protection Act

Records Management – e-Learning course. This course covers the following topics:

  • An introduction to good records management practice
  • The benefits of good records management
  • How to store records properly
  • The disposal of records
  • How to transfer records to and request files from the College Archive and Corporate Records Unit