Records Management

Data protection

Data Protection legislation gives rights to people about whom we hold information, and gives us responsibilities regarding that information. Find out more about data protection at the links below.

Five key points

The five key points every member of staff needs to know.

What is data protection?

The Data Protection Act 1998 applies to information about individuals ("personal data"). It sets out the requirements for handling personal data and gives individuals the right to access information that the University holds about them.

General Data Protection Regulation (GDPR)

Information about the University's work to implement new data protection legislation.

Dealing with subject access requests

Data protection legislation gives people the right to see personal information which the University holds about them. They exercise this right by making a subject access request.

Guidance & policies

Data protection legislation sets out what you can and can't do with information that the University holds about individuals. These pages offer advice on specific aspects of data protection which have implications for your work or research. The guidance is listed alphabetically below.

University of Edinburgh data protection policy

The Data Protection Act 1998 (DPA) was passed in order to implement the European Directive on data protection and applies to all personal data which are held either electronically or in a manual filing system. The Act commenced on 1st March 2000 with most of its provisions becoming effective on 24th October 2001.