Skip to content

Information Governance

Data Protection Legislation

NTU is a Data Controller for the purposes of the UK General Data Protection Regulation, Data Protection Act 2018 and associated data protection legislation. Data Protection Legislation is designed to create consistency and strengthen data protection principles and practices with a strong emphasis placed on the rights of individuals.

At NTU, we use and share personal information for our administrative purposes, in order to identify, deliver and monitor services that we provide, to carry out our functions as a university, and to comply with our legal obligations.

NTU is registered with the ICO - Z7109967.

Privacy notices

NTU processes personal data relating to prospective students, students, graduates/alumni, employees (and applicants) in addition to suppliers and other third parties.

Our privacy notices explain how we collect, use, retain and store your data and explains your rights in relation to that processing.

Policies and procedures

The University is a large and complex organisation and we are highly dependent on the processing of personal data for our activities. The University takes into consideration data privacy of individuals at all stages of our processes.

Data protection policy

The University is committed to protecting the privacy and security of personal information which includes the personal data of our staff, students and other third parties. This data protection policy sets out the minimum standards which must be complied with by the University.

Data protection policy

Data breach policy and procedure

This policy sets out how the University identifies and manages its data breach responsibilities in accordance with its legal and regulatory obligations. This data breach policy sets out the minimum standards which must be complied with by the University.

Data breach policy 
Data breach procedure

Subject access request (SAR)

This policy sets out how the University identifies and manages its SAR responsibilities in accordance with its legal and regulatory obligations. Data subjects have a right of access under the GDPR that allows them to make requests to organisations that hold personal data about them. The SAR Procedure provides the process for accessing your information and provides an easy to use form for requesting your data. Alternatively, you can email us.

Subject access request policy
Subject access request procedure 

Records retention

The University’s records are an important sources of administrative/evidential and historical information. These are pivotal to our activities and to assist us with accountability. The University has developed a Records retention schedule.

Records retention schedule

Information classification scheme

All University data has an inherent value and is an important asset to the University. However, data varies in its sensitivity and value and different types of data will require different levels of security. All University information and data should be handled appropriately to ensure that any risks are effectively managed (which includes adequate storage and processing with appropriate security and access controls in place).

Information classification scheme

Freedom of Information at NTU

The Freedom of Information Act 2000 covers information relating to the way Nottingham Trent University is governed and how decisions are made.

Please visit our webpage here.