The General Data Protection Regulation (GDPR) is a new legal framework for data protection and will apply to all member states from 25 May 2018. The current Data Protection Act 1998 will be replaced by GDPR which will bring some new requirements on organisations that obtain, hold, use or store personal data.
Prospective students, employees and other stakeholders have to trust that their personal details will be safe at the university. We, at Robert Gordon University, are expected to safeguard personal information of both staff and students properly and not to abuse it. For this reason we have developed a robust Information Governance Policy (PDF 218KB) that would meet these needs.
The university's registration number with the Information Commissioner's Office is Z5607918.
The University has a series of privacy notices to ensure transparency and explain to individuals how their personal data will be used.
- Student Privacy Notice (274KB)
- Employee Privacy Notice (PDF 75KB)
- RGU SPORT Privacy Statement (PDF 181KB)
- Accomodation Privacy Statement (PDF 230KB)
- Recruitment Privacy Notice (PDF 115KB)
Accessing your personal data
Under the GDPR, individuals (i.e. data subjects) have a right to know what data is held about them at RGU and a right to access their personal data. Data subjects must submit a request to access this information. Please note the university may request evidence of your identity (a copy of passport and/or driver’s license). The university provides a Subject Access Request Form (PDF 280KB) in order to assist in making a request, however you may also submit a request in a letter, email or verbally.
Once the request has been validated and verified the university will respond within one month. Please note that you can only request your own personal data under a subject access request, unless you are proven to be authorised to act on behalf of the data subject.
Data Protection by design
Under GDPR the university in required to demonstrate that data protection has been considered in our activities. The university has a data protection impact assessment (DPIA) in order to ensure that new projects or systems are designed with data protection compliance built in from the start and that any privacy risks are managed.
- Date Protection Impact Assessment Template (DOC 34KB)
- Data Protection Assessment Guidance (PDF 240KB)
A personal data breach may be defined as a breach of security that has affected the confidentiality, integrity or availability of personal data.
CCTV and Data Protection
Organisations, whose premises have CCTV (close circuit television) systems in operation, must inform the UK Information Commissioner that they are gathering personal information about the people they are recording. They must also put up signs to warn the public that this recording is taking place. The Robert Gordon University is registered with the Information Commissioner for the use of CCTV.
Contact Details and Further Information
If you are dissatisfied with the way in which your personal data has been handled please contact the University Data Protection Officer in the first instance. If you are dissatisfied with the response from the University you have the right to lodge a complaint with the Information Commissioner’s Office
Data Protection Officer
Robert Gordon University
Tel. +44 (0)1224 262076