skip to content

All users of personal information, including students involved in organising clubs and societies, are obliged to comply with the Data Protection Act 1998.

Student societies are themselves responsible for the protection of any personal data that they process outside the control and responsibility of the University, and for ensuring that the data protection principles are upheld. This means that personal information about members should only be used in line with what those members have been told and their reasonable expectations. Societies should not collect unnecessary information about their members; that information should be accurate, should be stored securely and should not be kept for longer than necesssary. Societies will also need to recognise requests from members exercising their rights, for example to access the records that the society holds about them.

When personal information is collected from members, societies must state clearly their identity, the purposes for which the information is being collected, and who the data will be disclosed to (which may include the University itself). Societies should not pass on the names, addresses or email addresses of their members to any other outside organisations. Societies must also be aware of the restrictions the Act places on direct marketing.

The Act requires those using personal data to register with the Information Commissioner. However, most student societies will be exempt from this requirement as not-for-profit organisations - but this is a matter for the society to check directly with the Commissioner. There is a guide to registration on the Information Commissioner's website.

Further information aimed at sports clubs is available on the University's Sports Service website.  Futther information aimed at clubs and societies that have an alumni relations or fundraising dimension is available from CUDAR.