Metadata
Title
Data Protection
Category
scholarships
UUID
8f65080fdcaa48438865b26106b09475
Source URL
https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/
Parent URL
https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/otherpr...
Crawl Time
2026-03-16T08:19:14+00:00
Rendered Raw Markdown 
# Data Protection

**Source**: https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/
**Parent**: https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/otherprivacynotices/

The University of Warwick is committed to protecting the privacy rights of individuals who entrust the University with their personal data. The [Data Protection PolicyLink opens in a new window](https://warwick.ac.uk/services/idg/it-compliance/policies/information-governance/ig02) outlines the University’s commitment to transparency, accountability, promoting good information governance, and compliance with both the GDPR and the Data Protection Act 2018.

The University is regulated by the [Information Commissioner's Office (ICO)](https://ico.org.uk/) and has the registration number **Z5856740** on the ICO's public register.

#### Data Protection Principles

The University strives to comply with the data protection principles. The principles are that personal data shall be:

- processed lawfully, fairly and in a transparent manner (**the lawfulness, fairness and transparency principle**);
- collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes (**the purpose limitation principle**);
- adequate, relevant and limited to what is necessary in relation to purposes for which they are processed (**the data minimisation principle**);
- accurate and, where necessary, kept up to date (**the accuracy principle**);
- kept in an identifiable format for no longer than is necessary (**the storage limitation principle**); and
- processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing, and against accidental loss, destruction or damage, using appropriate technical and organisational measures (**the integrity and confidentiality principle**).

The University is responsible for, and must be able to demonstrate, compliance with these principles. The University is proactive in its approach to data protection and has in place a number of appropriate technical and organisational measures. The University recognises that data protection is an ongoing obligation which must be regularly reviewed.

The measures put in place by the University include:

- appointing a **Data Protection Officer**;
- implementing policies, procedures, processes and training to promote and embed data protection by design and default;
- conducting **Legitimate Interests Assessments**;
- conducting **Data Protection Impact Assessments** on processing activities;
- implementing appropriate **privacy provisions in written agreements** when sharing personal data or engaging a data processor to conduct work on the University’s behalf;
- maintaining a record of processing activities; and
- applying pseudonymisation techniques.

##### **Accountability**

The University provides assurance and accountability for data protection by reporting to the following committees:

- [University Information Management Committee (UIMC)](https://warwick.ac.uk/services/gov/committees/uimc/)
- [University Information Management Executive Committee (UIMEC)](https://warwick.ac.uk/services/gov/committees/uimec/)
- [Audit and Risk Committee](https://warwick.ac.uk/services/gov/committees/audc/)
- [University Executive Board (UEB)](https://warwick.ac.uk/services/gov/committees/ueb/)

##### Key documents and templates

- [Data Subject Rights Request Form](https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/datasubjectrights/data_subject_rights_form_-_university_of_warwick_final.docx)
- [Legitimate Interests Assessment](https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/consent/legitimate_interests_assessment.docx)
- [International Transfer Impact Assessment](https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/internationaldatatransfers/international_transfer_impact_assessment.docx)
- [DPIA Screening Questionnaire](https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/dataprotectionimpactassessments/data_protection_impact_assessment_-_screening_questionnaire.docx)
- [Data Protection Impact Assessment](https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/dpia_template_29.08.2025.dotm)

##### Helpful links

- [Report a breach](https://warwick.service-now.com/sp?id=sc_cat_item&sys_id=55add4addb4ad45014eb49ee3b961902)
- [Training](https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/training/)
- [Policies](https://warwick.ac.uk/services/idg/it-compliance/policies/)
- [Privacy Notices](https://warwick.ac.uk/services/legalandcomplianceservices/dataprotection/privacynotices/)
- [Information Commissioner's OfficeLink opens in a new window](https://www.ico.org.uk)
- [Modern Records Centre's guidance on digitisation of records](https://warwick.ac.uk/services/library/mrc/digital-preservation/)
- [Managing your research data](https://warwick.ac.uk/services/library/staff/research-data/)