Information commissioner's office
The ICO’s role is to uphold information rights in the public interest. Further information and guidance is available on the ICO’s website at: https://ico.org.uk/
Data that relates to a living individual who can be identified from the data.
Sensitive personal data
Includes personal data relating to racial or ethnic origin, political opinions, religious belief, physical or mental health.
People about whom personal data is held.
Data controller and processor
The data controller determines the purposes and means of processing personal data. A data processor is responsible for processing personal data on behalf of a controller.
The University is a data controller.
The 6 principles of the GDPR
Article 5 of the GDPR requires that personal data shall be:
- processed lawfully, fairly and in a transparent manner in relation to individuals;
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- accurate, kept up to date and erased or rectified
- kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
- processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
8 rights of data subjects
GDPR provides the following rights for individuals in respect of their personal data:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling.