Information Governance Policies

Data Protection Policy - At a glance

Data Protection is the responsibility of all staff that handle personal information of our staff or our students (data subjects) below are some key points from the University of Sunderland Data Protection Policy, the full policy document can be found here.

• The Data Protection Policy applies to all staff that handle personal information for or on behalf of the University of Sunderland.
• The University will comply with the principles of the General Data Protection Regulations when processing personal information.
• Personal data will only be processed where one or more legal basis for processing this data applies.
• The University will undertake an assessment of new or significantly changed methods of processing to ensure risks of the processing can be understood and effectively managed.
• The minimum information classification applied to personal data will always be restricted, and for special category information confidential.
• The University will ensure that all requests relating to personal data are handled in line with the expectations of the General Data Protection Regulations.
• In the event of a data breach the University will assess the severity of the breach and where applicable will report the incident to the Information Commissioners Office no later than 72 hours after becoming aware of the breach.
• The University will provide mandatory training in Data Protection to all staff