Data Protection

If you're dealing with Personal Data (if in doubt see definitions below) - then you need to be aware of the requirements and guidance on how to deal with that data legally whilst protecting the privacy of the people who entrust their data to us (our staff, students, visitors, alumni, customers and so on).

If you have a specific information role (e.g. SIRO, Information Asset Owner, Information Manager / Administrator etc) - then you also have you own specific toolkit page accessible from the Toolkit link on the left hand pane.

Use the following links to access data protection guidance (please note these guides are still being further developed):

Sources of help

Data Protection Officer

Clare Stevenson (Solicitor – Head of Legal and Information Compliance)

Contact the DPO for:

  • information and advice regarding our obligations under the GDPR and other data protection provisions (e.g. PECR).
  • Queries and information on data protection staff training and data protection auditing.
  • Advice on data protection impact assessments (DPIA)
  • Advice on seeking prior consultation or breach notification with the Information Commissioners Office (ICO)
Information Security Manager

Simon Clements

The role of the Information Security Manager is …

Contact the Information Security Manager for:

  • Advice on Information Security policy or guidance
  • To report information security concerns/issues
  • Advice on risk assessments (information security) and measures to reduce risk


Information Support Officer

Lauren Adams

Contact the Information Support Officer for:

  • Any queries regarding data subject rights – e.g. Subject Access Rights
  • Freedom of Information Requests
  • Requests for information about our data subjects (e.g. students, employees, visitors etc) from 3rd parties (e.g. the Police, tax authorities, parents, spouses etc)


Senior Information Risk Owner (SIRO)

Dr Helen Galbraith (Academic Registrar & Director of SAS)

The University’s SIRO …

Contact the SIRO for:

  • Highlighting high risk issues with information processing activities;


Information Asset Owners (IAO)

Each Director or Dean is the responsible Information Asset Owner for the data within their respective directorate/faculty. They hold responsibility to ensure compliance with information security and data protection requirement for their data.

Contact your IAO for:

  • Any compliance issue related to data in the respective directorate/faculty


Information Asset Manager / Information Asset Administrator

Every information asset will be assigned a specific ‘Manager’ who is responsible for the day-to-day management of that asset and who will control its use, and how and if that asset is shared, stored, accessed and deleted. Refer to the relevant Information Asset Register entry to identify the appropriate Manager or Administrator.

Information Managers may also be assisted by Information Asset Administrators who are delegated many of the day-to-day tasks.

It is likely that most of the people referring to this guide will be Information Asset Managers or Information Asset Administrators, and if that is you then it is crucial that you have a good understanding of the principles of data protection as you are the first line of defence in making sure we can effectively protect people personal data.

Contact the Information Data Manager/Administrator for:

  • Requests to have access to / share their information asset;
  • Any proposal to perform a new process with the asset;
  • Any other queries/notification regarding the asset
Other Useful Information

Information Commissioners Office (ICO) –

Surveillance Camera Commission -

JISC GDPR Guidance -

Medical Research Council -