Breaches of Data Protection

Both staff and students should be prepared to highlight any instances where they think that data protection has been breached, whether this relates to a breach of the Data Protection Act itself, the University’s registration as a data controller, or the data protection policies included in these pages.

The sections below outline the procedures which should be followed, particularly in scenarios where urgent action needs to be taken such as the loss of, misuse of, or release to unauthorised persons of, significant amounts of personal data.

Staff

1. If action to remedy the situation may be effective, then this should be undertaken immediately
2. If the above is not applicable, the Data Protection Manager should be informed as soon as possible, together with the relevant line manager and departmental Information Champion
3. If a breach has been successfully dealt with locally, the Data Protection Manager should still be informed

Students

1. A student suspecting a breach of data protection should initially inform the Data Protection Manager

Action taken subsequently will depend upon the nature of, and potential risks associated with, the incident.