Data protection guidance

General guidance from the Information Compliance Office

As well as the basic information about data protection on the data protection overview page (including the Quick Guide leaflet and the University's Data Protection Policy), the following guidance has been issued by the Information Compliance Office:

• Main data protection provisions and topics

  This main page includes guidance on:

  • Issuing privacy notices
  • How we handle data subject rights requests
  • Data protection by design
  • Data Protection Impact Assessments
  • Security and how we handle personal data breaches
  • Direct marketing
  • References
• Data sharing and user data processors
• Research
• Student clubs and societies
• Information Asset Register guidance
• Data Protection Annual Compliance Checklist
• AI guidance

For records management and retention guidance, see the records management page.

For links to training courses, see the data protection overview page.

Further information from other parts of the University

Additional sources of published policy and guidance in particular areas include:

Research

• All links are published on the standalone Research guidance page

IT

• IT security - extensive guidance, training and tools from University Information Services (including the University's information security and acceptable use policies)

Student data

• Examinations data - guidance from the General Board
• CamSIS and data protection - guidance from the CamSIS Team

Photos, videos and recordings

• Consents for photos, videos and recordings (see under 'Forms and Agreements') - guidance from the Legal Services Division (primarily aimed at recordings taken for publicity purposes)
• Policy on Recordings of Teaching Materials/Lectures, and other Teaching, Learning and Assessment Activities - policy and templates from the General Board's Education Committee
• Recording of lectures, seminars and supervisions - procedures and agreement for students with permission to record from the Disability Resource Centre as a reasonable adjustment
• For recordings in an administrative context (e.g. making a recording of a committee/team meeting or a training session), the same principles as those set out in the formal guidance above should be applied.  In short, if someone is the main contributor to a meeting/session they should consent to the recording being made, while if someone is an attendee who does not necessarily need to actively participate it is sufficient that they are simply informed that the recording will take place (and ideally given an opportunity not to be recorded e.g. by turning off their webcam/microphone or sitting in a different part of the room).  There should also be a clear need for the recording to be made at all (e.g. to update colleagues who could not attend a meeting/session, or to help with writing Minutes) and this purpose should be made clear to the participants. 

CCTV

• University CCTV Code of Practice - from the Security Office

Colleges

• Data protection - guidance and resources for Colleges from the Office of Intercollegiate Services