Notification to the Information Commissioner

The Information Commissioner is required to keep a register of data users. The University’s register entry is compiled by the Commissioner from the information given in the application form, which is filled out by the Data Protection Officer  

The University is required to keep a record of its processing activities which must be made available to the Information Commissioner on request. This document outlines:-

  • The name and contact details of your organisation (and where applicable, of other controllers, your representative and your data protection officer).
  • The purposes of your processing.
  • A description of the categories of individuals and categories of personal data.
  • The categories of recipients of personal data.
  • Details of your transfers to third countries including documenting the transfer mechanism safeguards in place.
  • Retention schedules.
  • A description of your technical and organisational security measures.

The University's record of processing activity is reviewed and updated annually. If a new project involving personal data is being set up, or data already held are to be made available to different categories of people or used for a different purpose than the original, the GDPR Departmental Champion must be informed and this information will be passed to the Data Protection Officer.

The Commissioner ensures that the Data Protection Principles are observed and can serve an Enforcement Notice directing a registered Data User to take specific steps to comply where it is considered that there has been a breach of a principle. Information Notices can also be served where the Commissioner believes that a controller has information that would reveal a breach of the principles. The Commissioner's Office is a prosecuting authority in its own right, investigating cases and bringing them to court.

The Data Protection Public Register can be viewed on the Internet at The University’s registration number is Z6102454.