Skip to main content

University Data Protection Policy

About the Data Protection Act

The Data Protection Act 1998 came into force on 1 March 2000. The Act governs the collection, retention, use and transmission of information about living individuals and the rights those individuals have to see this information. The Act covers personal information in both electronic form and manual form (e.g. paper files, card indices) if the information is held in a relevant, structured filing system. The measures and procedures the University has in place to ensure adhere to the Act are based on the Joint Information Systems Committee Code of Practice (JISC) Data Protection Code of Practice for the HE and FE Sectors.

As part of its obligation, the University, on an annual basis, informs the Information Commissioner's Office of the purposes for which personal information is processed together with the types of individuals who are the subject of the data (data subjects), the types of data being processed (data classes), the individuals or organisations to which the University does or intends to disclose data and the countries to which, if any the data is transferred. The University registration number is Z5856740 and further details of the Data Protection register entry be found on the Information Commissioner's website at this link https://ico.org.uk/ 

What Does The Act Mean For University Staff?

All members of staff at the University of Warwick who handle or process personal data about individuals in any way (names, contact details, financial details, course details, personal circumstances, beliefs, etc) must be aware of the Data Protection principles and how to apply them lawfully.

If you receive a request from an individual or organisation to gain access to personal data held by the University about individuals, in most cases DO NOT provide the data yourself.

If the individual wanting to gain access to the data is the subject of the data (i.e. Joe Bloggs wants to see his personal file), please refer the request to the Administrative Officer for Legal Compliance at infocompliance@warwick.ac.uk who will process the data subject access request.

If the individual or organisation wanting to gain access to the data is not the subject of the data (i.e. a company wants to see data on members of staff, or a law enforcement agency wants to locate an individual) do not provide the information, but ask them to redirect their request to the Administrative Officer for Legal Compliance at infocompliance@warwick.ac.uk.

NB: this does not prevent you from providing references on behalf of students to potential employers in the usual way - in such cases you are free to provide the references directly without recourse to the Administrative Officer for Legal Compliance. It also does not prevent you from releasing data to organisations such as HESA, funding bodies, etc as part of our statutory requirements. You may also transfer personal data about individuals to third parties in other cases provided the individuals who are the subject of the data have consented to their data being transferred in this way in the form of a written or electronic record to that effect.

Staff involved in processing new types of personal data have a responsibility to inform the Administrative Officer for Legal Compliance at infocompliance@warwick.ac.uk so the University's notification can be immediately updated. In providing any such updates, full details should be included of the type of personal data to be processed (i.e. financial details, contact details, etc), who the subject of the data is (students, staff, the public, etc), why the data is being processed (marketing, staff administration, etc) and whether the intention is at any time to transfer the data to a third party external to the University who is not the subject of the data, including whether this is an international partner.

Useful links:

 You may also find it helpful to look at the Information Security section of the Governance website, in particular the section on 'Types of Info'.

What Does The Act Mean For Students Of The University?

All students at the University of Warwick who handle or process personal data about individuals (names, contact details, financial details, course details, personal circumstances, beliefs etc) in the course of their studies must be aware of the Data Protection principles and how to apply them lawfully within the confines of the University Data Protection policy. It may be that certain conditions are in place, eg for dealing with NHS or DWP data, so you are advised to speak to your tutor and department in the first instance. Further clarification can be sought from the Administrative Officer for Legal Compliance at infocompliance at warwick dot ac dot uk

 

How Do I Make A Request for Personal Information Held About Me?

Please see our pages on Subject Access Requests for more information on requesting your personal information.