Data Protection Policy

Link to Policy  Data Protection Policy


The General Data Protection Regulation (GDPR) will apply in the UK and the rest of the EU from 25 May 2018 and will replace the Data Protection Act 1998 (DPA). The GDPR is designed to harmonise and strengthen data protection law and practice across the EU. Like the DPA, it will be regulated in the UK by the Information Commissioner’s Office (ICO).

It will apply in the UK and is supplemented in by a Data Protection Bill that was introduced in Parliament in September 2017 and will become law by May 2018; amongst other things, the Bill legislates in those areas where the GDPR gives EU Member States the discretion to vary the rules, and it sets out the ICO’s regulatory powers in more detail.

Like the DPA, the GDPR sets out rules and standards for the use of information about living identifiable individuals and applies to all organisations in all sectors, both public and private. It doesn’t apply to anonymous information or to information about the deceased. The GDPR’s rules and standards are based around the existing DPA concepts of data protection principles and individual rights. Accordingly, many of the concepts in the GDPR and reflected in this document are updated from current provisions in the DPA.


Swansea University holds personal data about job applicants, employees, workers, students, suppliers and other individuals for a variety of purposes.

This policy sets out how the University seeks to protect personal data and ensure staff and students understand the rules governing their use of personal data to which they have access in the course of their work and/or studies.


The policy applies to all staff and students, and all items of personal data that are created, collected, stored and/or processed through any activity of Swansea University, across all areas including Schools, Colleges, Professional Services Units as well as wholly owned subsidiaries.

The policy covers, but is not limited to, Cloud systems developed or commissioned by Swansea University, any systems or data attached to University data or telephone networks, systems managed by Swansea University, mobile devices used to connect to the University networks or which hold University data, data over which Swansea University holds the intellectual property rights, data over which Swansea University is the data controller or data processor or electronic communications sent from Swansea University.

Link to Policy 

Links to specific Data Protection Guidance Documents:-

 Update & Approve