• Information plays a key part in the College’s day to day operations and governance. The quality of the College’s services, planning, performance measurement, assurance and financial management relies upon accurate and available information.
  • Information governance is a key responsibility of each and every member of the College’s community. Everyone has a part to play in implementing and embedding our policies and codes of conduct into the College’s working practices. Therefore, College staff and students must familiarise themselves with the College’s Information Governance Policy Framework and the policies it describes. The Framework describes the key individual roles and responsibilities for information governance in some detail.
  • For ease of reference, the below is an outline of some of the key people/teams you may come across when it comes to day to day information governance at the College and their specific roles in the area of information governance.

Further information

The College's Data Protection Officer (DPO)


The DPO has responsibility for ensuring the College’s compliance with the General Data Protection Regulation (GDPR), the Data Protection Act 2018 and any related legislation. The DPO provides advice and guidance to College staff in respect of any data protection questions, issues or developments that may arise from time to time including (among others) drafting data protection notices and obtaining consent from data subjects. The DPO also responds to and manages data security breaches and liaises with the Information Commissioner’s Office as may be necessary.

Information and Communication Technologies (ICT)

The ICT Security team preserves the integrity and security of Imperial College London systems and equipment to protect students, staff and guests using the College networks and Information Technology (IT) facilities from the risks associated with unauthorised access, alterations and attacks. The Security team works closely with the DPO when data security breaches occur and involve College ICT systems or equipment.

The ICT Governance team oversees Imperial's approach to the use of Information and IT, including strategic planning for IT in line with the College strategy. The team also ensures that ICT policies and practices conform to mandatory legislation and regulations.

Archives and Corporate Records Unit (ACRU)

ACRU are the custodians for the Imperial College Archives. They manage the Records Management Programme of Imperial College and the College Treasures. With respect to data protection, they maintain the College’s Retention Schedule that outlines the retention periods for the main categories of records the College holds.

Access to Information

Requests for access to information held by Imperial College are managed by the College’s Access to Information Manager. This includes Subject Access Requests from individuals wishing to exercise their GDPR/Data Protection Act right to access personal data held relating to them and also Freedom of Information (FOI) Act requests for recorded information held by the College.

If you have any queries or concerns about SARs or FOIs, or if you receive a request for information, whether from an individual wishing to access records we hold about them or from someone wishing to access any information held by the college, please refer to the SAR or FOI teams immediately.