Data ProtectionThe University is required by the Data Protection Legislation (EU General Data Protection Regulation and UK Data Protection Act 2018) to process all personal data strictly in accordance with the Legislation and its data protection principles.
Data Protection Code of Practice
The University has developed a Data Protection Code of Practice which:
- Provides guidance on the application of the Act
- Concentrates on key issues of concern to the University
- Reflects our agreed policies and procedures
- Provides links to these where appropriate and to specific guidance notes and other resources
If you are having any difficulties viewing this page please contact firstname.lastname@example.org.View the Data Protection Code of Practice
Specific sections which apply to students include:
Student processing of personal data
The University is responsible for personal data when it is the data controller for that data i.e. where the University determines the purposes for and the manner in which any personal data is to be processed.
A student is only permitted to use personal data for a University related purpose, with the knowledge and express consent of an appropriate member of staff. For research purposes this would normally be a postgraduate supervisor or the person responsible for teaching the relevant undergraduate class or course. For administrative purposes this will be on the express authorisation of the line manager or supervisor of the project on which the student is employed.
For more information consult: Processing of Personal Data by Students
Use of personal data in research
The Act sets out to ensure that researchers may only process data about other living individuals where they have a clear legal purpose for doing so and subject to certain prescribed exemptions, the use of personal information for research falls within its remit. Staff and students engaged in research at the University are obliged therefore to comply with the requirements of the data protection principles, the University’s Code of Practice and any associated guidance, when collecting and processing personal data for research purposes.
In addition to computerised records, these requirements apply to written records held in a structured filing system, digital and microfiche records and video recordings. For more information consult: Use of Personal Data in Research.
Use of the internet, social media and other externally hosted services
In order to encourage safe, responsible and acceptable use of the internet, Web 2.0 and other externally hosted services (e.g. Facebook, YouTube, Twitter, LinkedIn) guidance has been developed for students on How to be Webwise.
Collection and use of your personal data
All students are asked at matriculation to sign up to the University’s Data Protection Statement for Students which explains how the University collects, uses, discloses and ultimately disposes of your personal data.
The University also publishes guidance on the student information we are required to disclose to HESA, which is available at the link above.
Checking or changing your student details
Related University Policies
Other sources of advice and guidance
Please note that all links provided in this guidance to third party sites are for your information and convenience only. Edinburgh Napier University has no control over these sites and accepts no liability in respect of their use.Get Safe Online guidance BBC Twitter guidance The Information Commissioner’s Office guidance