Data Protection and Information Compliance

The Information Compliance Team is responsible for ensuring compliance with GDPR, Data Protection Act 2018 and other related legislation. The Information Compliance Team provide expert advice, guidance and training to University staff on data protection issues such as:

  • potential/suspected data breaches (co-managed with ICT where appropriate);
  • ensuring that new or amended processes and projects lawfully process personal data;
  • ensuring relationships with partner organisations, service and software suppliers have appropriate sharing or processing agreements in place;
  • the retention, archiving and destruction of personal data, and;
  • the development of relevant policies and procedures to ensure that the University processes personal data in an appropriate, secure and respectful manner.

The team respond to Freedom of Information Act (2000) requests and liaise with colleagues across the University in coordinating that response, together with Subject Access Requests (SARs).  SARs may be made by anyone whose personal information has been processed by the University, including current and former students and staff. The co-ordination of responses to these requests requires a close working relationship with teams across the University.

The team provides training to staff across a number of relevant topics and to a network of Data Protection Champions across the University.

Information Compliance can be contacted via should you have any queries.

Freedom of Information

Under the Freedom of Information Act 2000, anyone is able to make a request to a public authority for information. The University of Lincoln, as a public authority as defined by the Act, is obliged to provide information either through its publication scheme or in response to requests made under the general right of access. To find out more please select a link:

Freedom of Information
Freedom of Information Act 2000 – Publication Scheme

Data Protection

The Data Protection Act 2018 (DPA) gives individuals the right to know what information is held about them and provides a framework to ensure that personal information is handled properly.

The Act works in two ways:

  • it requires that anyone who processes personal information must comply with its principles
  • it provides individuals with important rights, including the right to find out what personal information is held on computer and most paper records

To find out more, please visit:

Data Protection