Dos and Don'ts For Data Protection

This notice provides basic guidance on how you should handle personal data under Data Protection law. It applies to both personal data processed on computer (including emails) and to personal data held in manual files.
  • When you process personal data you must ensure that it is accurate, relevant and not excessive in relation to your needs.
  • Do not process personal data unless you are sure that you, your department or the University have a lawful basis for doing so.
  • Do not disclose any information (including giving references) about an individual to an external organisation without first checking that the individual consents to such disclosure, or with Information Assurance Services if consent is not appropriate.
  • Do not write any comment about any individual that is unfair or untrue and that you would not be able to defend if challenged. You must assume that anything that you write about a person will be seen by that person.
  • Be vigilant if you are undertaking work off-campus using personal data such as individualised research data, reference requests or examination scripts or results. Strict security measures must be applied to the transportation and storage of all such data.
  • Ensure that all personal data is kept secure, not only from unauthorised access, but from fire and other hazards.
  • Use the office shredder or the contract shredding service to dispose of any document containing personal data, whether or not you consider it to be confidential.
  • Apply password protection to computers, screensavers and documents. Where possible keep your office door locked and your desk clear of personal data when you are absent.

If anyone asks to see the data that the University holds about them (other than that which you would normally provide to them in the course of your duties) they must be referred immediately to Information Assurance Services.


Share this page:

Request Information

To make a Data Subject Access Request, or a Freedom of Information Request, please contact IAS directly.

Data Protection Officer

The Data Protection Officer is:

Elisabeth Taoudi, Data Protection Officer and In-House Commercial Lawyer, University of Leicester, University Road, Leicester, LE1 7RH

0116 229 7640