Data Protection Policy

Link to Policy  Data Protection Policy


The General Data Protection Regulation (GDPR) is designed to harmonise and strengthen data protection law and practice across the EU and came into force on the 25th May 2018 and is regulated in the UK by the Information Commissioner’s Office (ICO).

It is supplemented in by the Data Protection Act 2018 which legislates those areas where the GDPR gives EU Member States the discretion to vary the rules, and sets out the ICO’s regulatory powers in more detail.

The GDPR sets out rules and standards for the use of information about living, identifiable individuals and applies to all organisations in all sectors, both public and private. It doesn’t apply to anonymous information or to information about the deceased. The GDPR’s rules and standards are based around the data protection principles and individual rights.


Swansea University holds personal data about job applicants, employees, workers, students, suppliers and other individuals for a variety of purposes.

This policy sets out how the University seeks to protect personal data and ensure staff and students understand the rules governing their use of personal data to which they have access in the course of their work and/or studies.


The policy applies to all staff and students, and all items of personal data that are created, collected, stored and/or processed through any activity of Swansea University, across all areas including Schools, Colleges, Professional Services Units as well as wholly owned subsidiaries.

The policy covers, but is not limited to, Cloud systems developed or commissioned by Swansea University, any systems or data attached to University data or telephone networks, systems managed by Swansea University, mobile devices used to connect to the University networks or which hold University data, data over which Swansea University holds the intellectual property rights, data over which Swansea University is the data controller or data processor or electronic communications sent from Swansea University.

Link to Data Protection Procedures