Data protection policy
The College adheres to the Data Protection Act 1998 which creates a framework of rights and duties which are designed to safeguard personal data. This framework balances the legitimate needs of organisations to collect and use personal data for business and other purposes, against the right of individuals to respect for the privacy of their personal details. There are eight principles defined in the Act:
- Personal data shall be processed fairly and lawfully and for the purposes for which it was collected.
- Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
- Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
- Personal data shall be accurate and, where necessary, kept up to date.
- Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
- Personal data shall be processed in accordance with the rights of data subjects under this Act.
- Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
- Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
All members of the College should be aware of the requirements of the data protection legislation and of their individual responsibilities concerning the legislation.
Staff should also note that special arrangements apply to the provision of data to third parties. One effect of principle eight, which restricts the transfer of material outside the European Area, is that personal data about an individual placed on the World Wide Web is likely to breach the provisions of the Act unless the individual whose data is used has given his or her consent. It is important that all those preparing web pages, address lists and the like are aware of these provisions, if in doubt seek advice from the Data Protection Officer.
The Act specifies arrangements for the notification of processing undertaken by the Institution. The College has in place wide ranging registrations under the 1984 Act which will be reflected in its notification under the provisions of the new Act in due course. Any members of staff or individuals who are uncertain as to whether their activities have been registered or notified (as appropriate) should contact the Data Protection Officer (the Bursar) in the first instance.
A failure to comply with the provisions of the Act may render the College, or in certain circumstances the individuals involved, liable to prosecution as well as giving rise to civil liabilities. Individuals are encouraged to familiarise themselves with the general aspects of Data Protection, particularly if they are dealing with personal data as part of their duties, which can found at the following links:
- University Policy on the Data Protection
- Wikipedia on Data Protection Act 1998
- The Information Commissioner’s Office
Further information and advice may be obtained from the College’s Data Protection Officer.
Data Protection Officer
Information and regulations
- Freedom of information
Under the Freedom of Information Act, the College is obliged to put information into the public domain. As part of our responsibilities, we will endeavour to be as open and transparent as possible, while recognising that sensitive material cannot be made available to the public. For instance, information relating to individuals or which involves confidential commercial considerations will be exempt from publication.
Our Freedom of Information Publication Scheme is a guide to information the College has published or intends to publish, and where to find it. Please consult the Scheme to find out whether the information you require is already available.
- Data protection policy
The College adheres to the Data Protection Act 1998 which creates a framework of rights and duties which are designed to safeguard personal data. This framework balances the legitimate needs of organisations to collect and use personal data for business and other purposes, against the right of individuals to respect for the privacy of their personal details.
More information on our data protection policy is available here.