The University of Lincoln is committed to the Data Protection Act 1998 (DPA) and complies with its eight principles, which are:

To ensure that personal information is:

  • Fairly and lawfully processed.
  • Processed for limited purposes.
  • Adequate, relevant and not excessive.
  • Accurate and up to date.
  • Not kept for longer than is necessary.
  • Processed in line with your rights.
  • Secure.
  • Not transferred to other countries without adequate protection.

Roles and Responsibilities 

The University of Lincoln is a ‘Data Controller’ under the DPA. The Board of Governors is ultimately responsible for implementation of the DPA, with responsibility for the overall management of the implementation of the legislation lying with the University Registrar, and day-to-day responsibility delegated to the Information Compliance Officers.

All staff are required to adhere to the requirements of current data protection legislation and the University’s Data Protection policy:

Data Protection Policy

Data Protection Policy Summary

Data Security Breach Management Procedure

Registration and Notification to the Information Commissioner’s Office 

The University’s registration and notification of its processing of personal information is available for inspection as part of the Public Register of Data Controllers maintained by the Information Commissioner’s Office (ICO).

The University’s registration number is Z7846984.

Subject Access Requests

The DPA gives you the right to access information held about you. You can make what is known as a ‘subject access request’ under the DPA.

Subject Access Requests must be submitted by you in writing, and the University needs to be able to verify your identity.

You should provide as much detail as you can about what information you would like to access, and with which departments you have had contact. This will help speed up the search for your information.

The Subject Access Request Form can be used to provide these details.

Once we have your request we have forty days in which to provide the information, although we will endeavour to get it to you sooner.

Further information and guidance on requesting your information is available on the ICO’s website:

Enquiries and Complaints 

Enquiries or complaints about data protection issues should be made in writing to:

Information Compliance Officer
University of Lincoln
Brayford Pool


If individuals feel they are being denied access to personal information they are entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner’s Office. (

Guidance Documents

Audio Video Recording of Taught Sessions Guidance

Data Protection and Disclosure of Information by Telephone

Examination Scripts and the Data Protection Act 1998

Requesting a Reference – Guidance for Staff and Students

Providing References for Staff and Students – Guidance for Staff

Data Protection Compliance – Project Assessment Form