Data Protection Act 1998

The Data Protection Act 1998 gives you a right of access to the data which organizations hold about you, and specifies how that data can be gathered, used and disseminated. The Act governs the collection, retention, and transmission of information held about living individuals and the rights of those individuals to see this information. All departments within the University must be aware of the potentially far-reaching effects of this legislation. Those that record and use personal information are required to follow eight data protection principles. In particular, personal data must:

  • be processed fairly and lawfully.
  • be held only for specified and lawful purposes and must not be further processed in any manner incompatible with those purposes.
  • be adequate, relevant and not excessive in relation to the purpose for which it is processed.
  • be accurate and where necessary kept up to date.
  • not be kept for longer than is necessary.
  • be processed in accordance with the rights of the data subject under the Act.
  • be protected using appropriate technical and organisational measures against unauthorised or unlawful processing and against accidental loss or destruction of the data.
  • not be transferred to a country or a territory outside the European Economic Area without an adequate level of protection for the rights and freedoms of data.

In order to comply with the Data Protection Act 1998, Swansea University has developed a Data Protection Policy to ensure that students and staff fully comply with the requirements of the Act.