Accessibility statement

Data protection principles 

Under UK GDPR, personal data must be processed (e.g., collected, organised, altered, stored, used, shared, disposed of) in accordance with the data protection principles. The six principles are summarised below. 

Personal data must be: 

  • processed fairly, lawfully and transparently;
  • processed for specified, explicit and legitimate purposes; 
  • adequate, relevant and limited to what is necessary; 
  • accurate and, where necessary, kept up-to-date; 
  • retained for no longer than necessary; and
  • kept secure.       

In addition, the University must demonstrate accountability for its compliance with these principles.