Information for students

The Information Compliance team also supports the University’s students by providing tailored information and practical advice about data protection and compliance issues.

In most cases, the studying and research conducted by students is exempt from the requirements of data protection and compliance. Nonetheless, applying the principles of data protection in your studies and research is always good practice!

The Privacy Notice also explains how the University uses its students’ personal data.

Applying the principles of data protection in your work

Applying the following principles of data protection in your studies and research is always good practice:

  • Carefully consider what personal data you need to collect for your work/project, and obtain the consent of your supervisor or other relevant members of University staff
  • Give a clear explanation of what you are going to do with the collected data to the people participating in your research – consider creating a Privacy Notice, or research participant sheets, consent and/or explicit consent statements and periodic updates to ensure awareness to ensure your data subjects are aware of what you’re doing and are reassured that their data is protected
  • Don’t collect or keep data that is not necessary for your research
  • Anonymise data where possible by removing names and other identifying information.
  • Ensure that all personal data is recorded accurately and kept timely
  • If required, obtain ethical consent for your research or project. The University’s ethics approval process is not formally part of data protection or compliance regulations
  • If applicable, respect reasonable data access requests, particularly related to consent gathering
  • Do not disclose personal data to anyone except the individual concerned – unless legally required to do so
  • Store personal data securely – be that physical files, or data on University infrastructure, OneDrive
  • Securely destroy personal data when it is no longer necessary for your research

Ensuring security and protecting data in the digital world

Applying the following security-related actions when conducting your studies and research is very important:

  • Use strong passwords and encryption
  • Mind your devices as these can be lost or stolen
  • Practice good digital hygiene by regularly deleting your private laptop’s download folder or hard drive or other devices’ memories from downloads and personal data handled
  • Use secure email such as your University account
  • Be careful with email headers and don’t include names or personal data in subject lines
  • Beware of autocomplete, and using the ‘reply all’ and ‘bcc/cc’ fields in emails
  • Beware of dodgy links, attachments, unknown USB sticks or CD-ROMs etc… – and don’t open these or insert these into your laptop/device
  • Use firewalls and updated antivirus software on private equipment – University systems are protected by default
  • Check that auto-sync is not publishing all your data
  • Review and double check before sending emails

Ensuring security and protecting data in the physical world

Applying the following security-related actions when conducting your studies and research is very important:

  • Only handle the minimum data necessary at a time
  • Don’t leave files in a car (even in the boot)
  • Be careful with being distracted or leaving bags unattended
  • Conversations can be overheard, so be discrete with your discussions
  • Don’t leave papers on the photocopier/printer
  • Keep files locked away overnight and your desk or work area clear
  • Be mindful of any building access security passes
  • Tracked delivery for posting sensitive data
  • Double check before posting
  • Be mindful of your hand-held and mobile devices