Data Protection Policy

Link to Policy  Data Protection Policy

Background

The EU General Data Protection Regulation (EU GDPR) is designed to harmonise and strengthen data protection law and practice across the EU. The UK GDPR is the UK General Data Protection Regulation. It is UK Law which came into effect on 1st January 2021. It sets out the principles, rights and obligations for most processing of personal data in the UK. It is based on the EU GDPR with some changes to make it work more effectively in the UK. 

The UK GDPR is supplemented by the Data Protection Act 2018 (DPA 2018) which sets out the framework for data protection law in the UK. It was amended on 1st January 2021 to reflect the UK's status outside the EU.

The UK GDPR sets out rules and standards for the use of information about living, identifiable individuals and applies to all organisations in all sectors, both public and private. It doesn’t apply to anonymous information or to information about the deceased. The UK GDPR’s rules and standards are based around the data protection principles and individual rights.

Purpose

Swansea University holds personal data about job applicants, employees, workers, students, suppliers and other individuals for a variety of purposes.

This policy sets out how the University seeks to protect personal data and ensure staff and students understand the rules governing their use of personal data to which they have access in the course of their work and/or studies.

Scope

The policy applies to all staff and students, and all items of personal data that are created, collected, stored and/or processed through any activity of Swansea University, across all areas including Schools, Colleges, Professional Services Units as well as wholly owned subsidiaries.

The policy covers, but is not limited to, Cloud systems developed or commissioned by Swansea University, any systems or data attached to University data or telephone networks, systems managed by Swansea University, mobile devices used to connect to the University networks or which hold University data, data over which Swansea University holds the intellectual property rights, data over which Swansea University is the data controller or data processor or electronic communications sent from Swansea University.

Link to Data Protection Procedures