No flash message
Some of the content and features delivered by this site requires JavaScript to be enabled in your browser
Thursday 23 November
My.Anglia > Staff > Sec clerk > Data Protection

Data Protection

The Data Protection Act 1998 governs, through a set of principles, the collection, processing and disposal of data held about individuals and the rights of individuals to access this data. 

Anglia Ruskin University is legally obliged to adhere to the eight principles of the Data Protection Act 1998 in the handling of data.  These are summarised below:-

  1. Personal data must be processed fairly and lawfully.
  2. Personal data must be obtained only for specified and limited purposes and should not be processed further for incompatible purposes.
  3. Personal data should be adequate, relevant and not excessive in relation to the purposes for which they were processed.
  4. Personal data should be accurate and, where necessary, kept up to date.
  5. Personal data should not be held longer than necessary.
  6. Personal data should be processed in accordance with the rights of individuals (data subjects).
  7. Appropriate technical and organisational measures should be taken against unauthorised processing of, loss of, or damage to, personal data. 
  8. Personal data should not be transferred to countries outside the EEA which lack adequate protection for data subjects’ rights. 

All staff and students of Anglia Ruskin University must comply with these principles when handling data.  Outside agencies handling data on our behalf must also comply.  Please refer to our Data Protection Policy for more information. 

All data held in relevant and structured filing systems are covered, both in electronic and manual formats. 

Compliance with the Data Protection Act 1998 is co-ordinated by The Records Management Team. On these pages, you will find guidance on how to ensure compliance with data protection law.

Our Data Protection Policy was reviewed by the Information Management Advisory Group (IMAG) in June 2015 and then approved by the Corporate Management Team in July 2016. To access the policy please click here.

Our Telephone Protocol for the Disclosure of Personal Data statement was approved in January 2016 by the Information Management Advisory Group (IMAG). To access the statement please click here.

Anglia Ruskin University provides a mandatory online Information Security and Data Protection course to members of staff. Members of staff should contact Human Resources ( to complete the course. The course should be completed every three years.

GDPR - The General Data Protection Regulation

The GDPR will come into effect in May 2018. This will apply to organisations operating in the EU and also to organisations outside the EU which are offering goods/services to EU citizens.

There are updated concepts include personal data, special categories of data (replacing sensitive personal data), consent, data processing principles and conditions for processing. There will also be mandatory data breach reporting within 72 hours, subject to conditions.

There will be larger fines for non-compliance (up to Euro 20m or 4% of turnover, whichever is smaller).

We will provide updates on this page as the new law comes in.