The University of Lincoln is committed to the Data Protection Act 2018 (DPA) and complies with its principles, which are:
To ensure that personal information is:
- Processed lawfully, fairly and in a transparent manner;
- Processed for specified, explicit and legitimate purposes, and not processed for incompatible purposes;
- Adequate, relevant and limited in relation to the purposes of processing;
- Accurate and, where necessary, kept up-to-date ;
- Not kept for longer than is necessary, in a form which permits identification;
- Processed in a manner that ensures appropriate security, including protection against unauthorised or unlawful processing, against accidental loss, destruction or damage
The University is responsible for, and must be able to demonstrate, compliance with the above principles.
Roles and Responsibilities
The University of Lincoln is a ‘Controller’ under the DPA. The Board of Governors is ultimately responsible for implementing the relevant data protection legislation. Responsibility for the overall management of the implementation of the legislation rests with the DVC(People Services and Operations) who is the University’s nominated Senior Information Risk Owner.
Day-to-day responsibility for implementation of the legislation is delegated to the Information Compliance Team, with the Information Compliance Officers nominated as Data Protection Officers, in accordance with the General Data Protection Regulation (GDPR). They are assisted by the Information Security Manager in relation to the security of personal data.
All staff are required to adhere to the requirements of current data protection legislation and the University’s Data Protection policy:
Registration and Notification to the Information Commissioner’s Office
The University’s registration and notification of its processing of personal information is available for inspection as part of the Public Register of Data Controllers maintained by the Information Commissioner’s Office (ICO).
The University’s registration number is Z7846984.
Subject Access Requests, and Other Rights
Data protection legislation provides individuals (data subjects) with important rights, including the right of access, which allows them to find out what personal information is held on computer and most paper records by the University. To exercise the right of access, individuals should make a Subject Access Request by contacting the Information Compliance Team at the address below. In addition to the right of access, individuals also have the following rights:
• The right to be informed
• The right to rectification
• The right to erasure (or known as the right to be forgotten)
• The right to restrict processing
• The right to data portability
• Rights in relation to automated decision making and profiling
Further information and guidance on requesting your information is available on the ICO’s website: https://ico.org.uk/your-data-matters/your-right-of-access/
Enquiries and Complaints
Enquiries or complaints about data protection issues should be made in writing to:
University of Lincoln
If individuals feel they are being denied access to personal information they are entitled to, or feel their data is not being handled in accordance with the principles, they should initially contact the Information Compliance Team outlining their concerns. If they are still unhappy with the response from the University, they can contact the Information Commissioner’s Office (ICO) for advice (https://ico.org.uk/)