Data protection
The University is required by the Data Protection Legislation (UK General Data Protection Regulation and UK Data Protection Act 2018, together known as the UK-GDPR) to process all personal data strictly in accordance with the Legislation and its data protection principles.
Data Protection Code of Practice
The University has developed a Data Protection Code of Practice which:
- Provides guidance on the application of the Legislation
- Concentrates on key issues of concern to the University
- Reflects our agreed policies and procedures
- Provides links to these where appropriate and to specific guidance notes and other resources
If you are having any difficulties viewing this page please contact enquiries@napier.ac.uk.
View the Data Protection Code of PracticeSpecific sections which apply to students include:
Student processing of personal data
The University is responsible for personal data when it is the data controller for that data i.e. where the University determines the purposes for and the manner in which any personal data is to be processed.
A student is only permitted to use personal data for a University related purpose, with the knowledge and express consent of an appropriate member of staff. For research purposes this would normally be a postgraduate supervisor or the person responsible for teaching the relevant undergraduate class or course. For administrative purposes this will be on the express authorisation of the line manager or supervisor of the project on which the student is employed.
For more information consult: Processing of Personal Data by Students
Use of personal data in research
Staff, all Research Postgraduate (PhD) students and some Masters students (supervisors will advise if this applies to your project) will be processing personal data under the auspices of the University for their research projects and therefore need to complete the relevant documents to ensure their intended processing complies with the Legislation.
The Legislation has specific requirements with regards to research and requires researchers to ensure that they provide suitable safeguards to protect the rights and freedoms of individuals whose personal data they are processing. Staff and relevant students engaged in research at the University are therefore obliged to comply with the requirements of the data protection principles, the University’s Code of Practice and any associated guidance, when collecting and processing personal data for research purposes.
In addition to computerised records, these requirements apply to written records held in a structured filing system, including hardcopy documents, paper, microfiche records and video recordings.
For more information consult: Use of Personal Data in Research.
Use of the internet, social media and other externally hosted services
In order to encourage safe, responsible and acceptable use of the internet, Web 2.0 and other externally hosted services (e.g. Facebook, YouTube, Twitter, LinkedIn) guidance has been developed for students on How to be Webwise.
Collection and use of your personal data
All students are asked at registration to sign up to the University’s Privacy Notice for Students which explains how the University collects, uses, discloses and ultimately disposes of your personal data.
The University also publishes guidance on the student information we are required to disclose to HESA, which is available at the link above.
Graduations
The University's graduation ceremonies are significant events for our graduates, their guests and our staff. Important information about how we will use student data for graduation purposes is in this Privacy Notice page - please scroll down to the 'Layered Privacy Notice' and select the appropriate Graduation Privacy Notice.