Data Protection & Information Compliance

The Information Compliance Team is responsible for ensuring the University’s compliance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018 (DPA 2018).

The Information Compliance Team provides expert advice and support to the University in the following areas:

Policies, Guidance & Tools

All Information Compliance Policies, Guidance & other helpful tools

Data Subjects Rights

Find out how to make a Subject Access Request (SAR) or Freedom of Information (FOI) request

Data Breaches

Report a Personal Data Breach Incidents

University Privacy Notices

Find out how the University uses your information

Freedom of Information

Freedom of information and the Publication Scheme


The UK GDPR sets out 7 key principles, which form the core of the University’s approach to processing personal data:

  • Lawfulness, fairness and transparency – ensuring personal data is processed correctly
  • Purpose limitation – ensuring personal data is processed for specified, explicit and legitimate purposes
  • Data minimisation – ensuring personal data processing is adequate, relevant, and limited to the purpose.
  • Accuracy – ensuring personal data is correct and up to date.
  • Storage limitation – ensuring personal data is not kept for longer than is necessary, and is in a form to permit identification
  • Integrity and confidentiality (security) – safeguarding appropriate security, and authorised or lawful processing, and protecting against accidental loss, destruction, or damage
  • Accountability – indicating that the University takes responsibility for personal data and demonstrating its compliance.

Data subjects’ rights

The UK GDPR sets out the following rights for individuals:

  • Lawfulness, fairness and transparency
  • Purpose limitation
  • Data minimisation
  • Accuracy
  • Storage limitation
  • Integrity and confidentiality (security)
  • Accountability
Roles and responsibilities

The University of Lincoln is a ‘Controller’ under the DPA 2018. The Board of Governors is ultimately responsible for implementing the relevant data protection legislation. Responsibility for the overall management of the implementation of the legislation rests with the University Registrar, who is the University’s nominated Senior Information Risk Owner (SIRO).

Day-to-day responsibility for implementation of the legislation is delegated to the Information Compliance Team, with the Information Compliance Officers nominated as Data Protection Officers, in accordance with the UK GDPR. They are assisted by the Information Security Manager in relation to the security of personal data.

Registration with the Information Commissioner’s Office

The University’s registration of its processing of personal information is available for inspection as part of the Public Register of Data Controllers, which is maintained by the Information Commissioner’s Office (ICO).

The University’s registration number is Z7846984.

Enquiries and Complaints

Enquiries or complaints about data protection issues can also be made via or in writing to:

Information Compliance
Governance and Compliance
University of Lincoln
Brayford Pool

If you are still unhappy with the response from the University, you may contact the Information Commissioner’s Office (ICO) for advice.