Policies
The Information Compliance Team is responsible for developing and maintaining various policies related to data protection and compliance, which are formal requirements and set out the related direction and intent of the University.
Some of these policies are available to all whilst some are only available to University-registered individuals.
- Data Protection Policy – This policy provides a comprehensive framework for the University’s compliance efforts for staff and agents of the University. Student-oriented guidance is available within the Guidance section below.
- Data Protection Statement – This statement establishes the University’s pledge toward data protection.
- Information Ownership and Classification Policy – This policy sets out the ownership and accountability for information within the University and defines a risk-based classification scheme for the treatment of information.
- Records Management Policy – This policy outlines the University’s approach to improving the control of its valuable information assets.
- Records Management Policy – UoL Retention Schedule – This policy outlines the University’s retention schedule.
Guidance
The Information Compliance Team produces various guidance and advice documents related to specific topics, processes, or tasks.
Some of these guidance and advice documents are available only to University-registered individuals.
- Direct Marketing Guidance
- Mobile Phone Usage for Research Guidance
- Photography and Audio-Visual Materials Guidance on Data Protection and Privacy
- Marketing and data protection rules for staff involved with marketing activities
- Working From Home Guidance
- Sharing Information via email Guidance
- Supplier Data Processing Terms Checklist
- Students Processing Personal Data – Guidance for Students
Tools
The Information Compliance Team below provides the most common templates and tools needed to ensure that the University’s projects, processes, research undertakings and third-party agreements are managed in a compliant fashion.
Some of these templates and tools are available only to University-registered individuals.
- Data Protection Impact Assessment (DPIA)
- Data Protection Impact Assessment (DPIA) – for surveillance systems
- Information Sharing Agreement (ISA)
- Data Processing Agreement (DPA)
- Data Processing Agreement (DPA) with UK Addendum – for data transfers subject to EU GDPR
- UoL International Data Transfer Agreement (IDTA) – for UK to overseas data transfers
- UoL Transfer Risk Assessment (TRA) – to accompany an IDTA
- Legitimate Interests Assessment (LIA)
- Privacy Notice template