Information Governance for the University

Find out about your obligations and how to comply, including protecting personal information, Freedom of Information Reqeusts and Data protection.

Quick links...


What is GDPR?

The General Data Protection Regulation (GDPR) is the new EU legal framework for data protection. The GDPR applied across all member states from 25th May 2018. 

In the UK the GDPR now sits alongside the Data Protection Act 2018 which together replace the old Data Protection Act 1998 and introduce greater protections for personal data and bring data protection law into the digital age. 

Here are the top things to do to be GDPR Ready:

  1. Complete and maintain your Information Asset Registers (Records of Processing)
  2. Identify and manage any areas where you share personal data outside the University
  3. Ensure you clear out personal data you no longer need in accordance with the Retention Schedule, including a clear out of emails containing personal data (particularly sensitive personal data) if attachments containing personal data are needed, stored them securely in access controlled folders. 
  4. Complete your mandatory Information Security training and follow IS guidance -  Click here
  5. Ensure you are handling all data (including personal data) in accordance with the requirements depenant on its classification - see Data Classification guidance
  6. Be aware of who your Information Governance Champion is (click here) - these people should be your first point of call for queries.
  7. Avoid that stomach churning feeling of being responsible for a data breach - if you are doing anything (particularly sending, emailing, sharing) with personal data (especially sensitive personal data) then stopthinkdouble check or ask.
  8. If a breach or incident has occurred - report it immediately (see button above)
SPA: Security Protection Accountability

Immerse yourself in security, protection and accountability at Keele University. Begin your journey into discovering simple ways to detox and clear out any unwanted data. Whether you are looking to update your knowledge or discover more, you can do so at the comfort of your own desk. 


Other information links

Other sources of help and guidance

Information Commissioners Office detailed Guidance on Legislation

The Information Commissioners Office detailed Guidance on Legislation is available here.

An overview of the General Data Protection Regulation (GDPR) is available here.

Sources of help

Data Protection Officer

Anne-Marie Long

Contact the DPO for:

  • information and advice regarding our obligations under the GDPR and other data protection provisions (e.g. PECR).
  • Queries and information on data protection staff training and data protection auditing.
  • Advise on data protection impact assessments (DPIA)
  • Advice on seeking prior consultation or breach notification with the Information Commissioners Office (ICO)


Information Security Manager

Simon Clements

Contact the Information Security Manager for:

  • Advice on Information Security policy or guidance
  • To report information security concerns/issues
  • Advice on risk assessments (information security) and measures to reduce risk


Legal and Governance Support Officer

Lauren Adams

Contact the Legal and Governance Support Officer for:

  • Any queries regarding data subject rights – e.g. Subject Access Rights
  • Freedom of Information Requests
  • Requests for information about our data subjects (e.g. students, employees, visitors etc.) from 3rd parties (e.g. the Police, tax authorities, MPs, parents, spouses etc.)


Information Governance Champions (IG Champions)

Each Directorate / Faculty / School have there own IG Champion(s). Find yours here.

IG Champions will have received more in depth training around information governance (including data protection) and will be able to assist with many departmental queries/issues.


Senior Information Risk Owner (SIRO)

Dan Perry (Chief Information Officer)

Contact the SIRO for:

  • Highlighting high risk issues with information processing activities;
  • Sign off of DPIA where the DPO's advice is being overruled


Information Asset Owners (IAO)

Each Director or Dean is the responsible Information Asset Owner for the data within their respective directorate/faculty. They hold responsibility to ensure compliance with information security and data protection requirement for their data.

Contact your IAO for:

  • Any compliance issue related to data in the respective directorate/faculty


Information Asset Manager / Information Asset Administrator

Every information asset will be assigned a specific ‘Manager’ who is responsible for the day-to-day management of that asset and who will control its use, and how and if that asset is shared, stored, accessed and deleted. Refer to the relevant Information Asset Register entry to identify the appropriate Manager or Administrator.

Information Managers may also be assisted by Information Asset Administrators who are delegated many of the day-to-day tasks.

It is likely that most of the people referring to this guide will be Information Asset Managers or Information Asset Administrators, and if that is you then it is crucial that you have a good understanding of the principles of data protection as you are the first line of defence in making sure we can effectively protect people personal data.

Contact the Information Data Manager/Administrator for:

  • Requests to have access to / share their information asset;
  • Any proposal to perform a new process with the asset;
  • Any other queries/notification regarding the asset
Other Useful Information

Keele Research Data Management -

Information Commissioners Office (ICO) –

Surveillance Camera Commission -

JISC GDPR Guidance -

Medical Research Council -