The University of Lincoln is committed to the Data Protection Act 1998 (DPA) and complies with its eight principles, which are to ensure that personal information is:

  • Fairly and lawfully processed
  • Processed for limited purposes
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not kept for longer than is necessary
  • Processed in line with your rights
  • Secure
  • Not transferred to other countries without adequate protection.

Roles and Responsibilities 

The University of Lincoln is a ‘Data Controller’ under the DPA. The Board of Governors is ultimately responsible for implementation of the DPA, with responsibility for the overall management of the implementation of the legislation lying with the University Registrar and day-to-day responsibility delegated to the Information Compliance Officers.

All staff are required to adhere to the requirements of current data protection legislation and the University’s Data Protection Policy.

Data Protection Policy – v1.4

Data Protection Policy Summary

Data Security Breach Management Procedure v 4.1

Registration and Notification to the Information Commissioner’s Office 

The University’s registration and notification of its processing of personal information is available for inspection as part of the Public Register of Data Controllers maintained by the Information Commissioner’s Office (ICO). The University’s registration number is Z7846984.

Subject Access Requests 

The DPA gives you the right to access information held about you. You can make what is known as a ‘subject access request’ under the DPA. To make a subject access request it must be in writing, and the University needs to be able to verify your identity.

Please provide as much detail as you can about what information you would like to access and with which departments you have had contact. This will help speed up the search for your information. The Subject Access Request Form can be used to provide these details.

Once we have your request we have forty days in which to provide the information, although we will try to get it to you sooner.

Further information and guidance on requesting your information is available on the ICO’s website:

Enquiries and Complaints 

Enquiries or complaints about data protection issues should be made in writing to:

Information Compliance Officer
University of Lincoln
Brayford Pool


If individuals feel they are being denied access to personal information they are entitled to, or feel their information has not been handled according to the eight principles, they can contact the Information Commissioner’s Office (

Guidance Documents

Audio Video Recording of Taught Sessions Guidance V1.1

Data Protection and Disclosure of Information by Telephone v1.1

Examination Scripts and the Data Protection Act 1998 V1.1

Requesting a reference – Guidance for staff and students V1.1

Providing references for staff and students – Guidance for Staff V1.1

Data Protection Compliance – Project Assessment Form v1.1