London Metropolitan University has to collect and process large quantities of information, much of it personal, and some of it sensitive data. It is crucial that such data, whether in electronic or hard copy format, is managed effectively, securely and in accordance with the General Data Protection Regulation (GDPR).
The General Data Protection Regulation gives you a right of access (subject to certain exemptions) to the data which organisations hold about you and specifies how that data can be gathered, used and disseminated. London Metropolitan University is required by law to conform to the principles of the GDPR. The University’s Data Protection Policy (see below) sets out the way in which we seek to comply with the requirements of the Act.
The Data Protection Policy is binding on all staff, so staff should familiarise themselves with the policy:
The University also provides data protection guidance for staff and privacy notices for staff and students about how we handle their data:
- Staff Privacy Notice
- Student Privacy Notice
Requests for information about individual students
Sometimes a third party may request information about a student, or wish to discuss a student with us (not to be confused with Exceptional Disclosures, see below). These requests may come from parents or other representatives of the student. Consent should be obtained from the student before proceeding to share information with others. The form below may be used for this purpose:
If a third party requests information about a student and it would not be appropriate for the student to be aware of the request, for example, if the request is part of a police or other government agency enquiry in compliance with the Data Protection Act 2018, then the enquirer should be directed to the University's Information Compliance Officer.
Enquiries relating to Data Protection at London Met should be directed to the University’s Data Protection Officer:
Data Protection Officer
University Secretary’s Office
London Metropolitan University
166-220 Holloway Road
Telephone: +44 (0)20 7133 4137
Key areas of data protection
The University's training plan is to give staff a basic understanding of the Data Protection Act and their obligations and responsibilities within their role, under the Act.
The Data Protection Act 1998 gives individuals a right of access to the personal data which organisations hold about them, subject to certain exemptions.
HESA provides statements on the collection and use of personal data it collects from Universities about their students and staff.