Read the Autumn Update from Assurance and Data Protection

Having joined the University as the new Head of the Data Protection/Data Protection Office (DPO) in May 2022, this is the first of my termly data protection newsletters. I hope you find the updates and news stories useful!

Sharing personal data in an emergency – a guide for universities and colleges

On the 22 September, during our Welcome Week, the Information Commissioner’s Office (ICO) published a timely reminder of how we can legitimately use personal data to support our students in an emergency situation:

“The new academic year in HE and FE is approaching, which is a good opportunity to remind everyone in universities and colleges that they should not hesitate to share students’ personal data to prevent serious harm to the physical or mental wellbeing of a student in an emergency situation, or protect a life. Data protection law allows this, and you won’t get into trouble if you share information with someone who is in a position to help a student at risk.” Blog: Sharing personal data in an emergency – a guide for universities and colleges | ICO

Updated Data Protection Policies

The University’s data protection, data breach and data subject rights policies have been updated to reflect current data protection requirements and safeguards.

Please read the policies so that you are confident that you are using data lawfully in your role.

These policies help you do the right thing when you are:

  • using personal data
  • responding to requests for personal data
  • reporting a data breach or data security incident
  • contracting with other organisations who use personal data on the University’s behalf
  • handling particularly sensitive data such as allegations or reports of criminal activities.

Mandatory Data Protection Training

All staff are required to complete mandatory training modules including one that covers data protection, freedom of information and records management during their induction.

To ensure that knowledge of data protection is maintained, all staff are required to retake this module every two years. This will provide you with the confidence that you are processing personal data in a secure and legally compliant way; and allows the University to demonstrate that it is complying with its legal requirement to only have trained staff processing personal data.

If you haven’t revisited this module in the past two years, please do log on as soon as possible and complete it.

New Communication Channels

Finally, we are excited to announce the launch of our new Assurance and Data Protection webpages and SharePoint site. This should be your first port of call for anything data protection, freedom of information or records management related. Do check them out and let us know what you think!

If you have any questions not answered on the Assurance and Data Protection sites, or if you need further support and guidance please do get in touch with the team by emailing

Laura Pullin
Head of Data Protection / Data Protection Officer (DPO)