Information Governance
Data Protection Legislation
NTU is a Data Controller for the purposes of the UK General Data Protection Regulation, Data Protection Act 2018 and associated data protection legislation. Data Protection Legislation is designed to create consistency and strengthen data protection principles and practices with a strong emphasis placed on the rights of individuals.
At NTU, we use and share personal information for our administrative purposes, in order to identify, deliver and monitor services that we provide, to carry out our functions as a university, and to comply with our legal obligations.
NTU is registered with the ICO - Z7109967.
Privacy notices
NTU processes personal data relating to prospective students, students, graduates/alumni, employees (and applicants) in addition to suppliers and other third parties.
Our privacy notices explain how we collect, use, retain and store your data and explains your rights in relation to that processing.
Policies and procedures
The University is a large and complex organisation and we are highly dependent on the processing of personal data for our activities. The University takes into consideration data privacy of individuals at all stages of our processes.
Data protection policy
The University is committed to protecting the privacy and security of personal information which includes the personal data of our staff, students and other third parties. This data protection policy sets out the minimum standards which must be complied with by the University.
Data breach policy and procedure
This policy sets out how the University identifies and manages its data breach responsibilities in accordance with its legal and regulatory obligations. This data breach policy sets out the minimum standards which must be complied with by the University.
Data breach policy
Data breach procedure
Subject access request (SAR)
This policy sets out how the University identifies and manages its SAR responsibilities in accordance with its legal and regulatory obligations. Data subjects have a right of access under the GDPR that allows them to make requests to organisations that hold personal data about them. The SAR Procedure provides the process for accessing your information and provides an easy to use form for requesting your data. Alternatively, you can email us.
Subject access request policy
Subject access request procedure
Records retention
The University’s records are an important sources of administrative/evidential and historical information. These are pivotal to our activities and to assist us with accountability. The University has developed a Records retention schedule.
Information classification scheme
All University data has an inherent value and is an important asset to the University. However, data varies in its sensitivity and value and different types of data will require different levels of security. All University information and data should be handled appropriately to ensure that any risks are effectively managed (which includes adequate storage and processing with appropriate security and access controls in place).
Freedom of Information at NTU
The Freedom of Information Act 2000 covers information relating to the way Nottingham Trent University is governed and how decisions are made.