Use of Personal Data by Students: Your Responsibilities

During the course of your studies you may process personal data (i.e. information about an identifiable living individual), for example, you may undertake a survey for a project. Whenever, you process personal data you must comply with the requirements of the Data Protection Act 1998. The University is a registered Data Controller and for most educational purposes you should be covered by the University's registration. The University will view breaches of the Data Protection Act seriously and may instigate disciplinary action. A breach of the Act could also result in both criminal charges and civil actions for compensation.

Data Protection Principles

To comply with the Act you must abide by the 8 data protection principles:

  1. Processed fairly and lawfully - this means that at least one of a number of provisions must be met and certain information must be provided to the data subject when the data is collected.
  2. Only processed for the purposes for which it was obtained.
  3. Adequate, relevant and not excessive.
  4. Accurate, up to date and necessary.
  5. Only kept as long as needed.
  6. Processed in accordance with data subject's rights.
  7. Surrounded by proper security.
  8. Not transferred outside the European Economic Area (EEA) unless an adequate level of protection for the rights and freedoms of the data subject is available.

Handling and Storing Data

It is particularly important to ensure that the data is held in a secure manner and that you abide by the requirements to ensure confidentiality of the data. The restrictions on transfer outside of the EEA effect the ability to publish data on the internet and this should only be done with the consent of the data subject.

If you are transferring personal data onto a portable device such as a laptop, USB stick, CD or disk, you must ensure that the data is encrypted so that it remains safe if the portable device is lost or stolen.

Research Data

If you are processing data for the research, history or statistical purposes then you may process data for that purpose even if it was not obtained originally for that purpose provided that processing is exclusively for those purposes, the data are not processed to support decisions about particular individuals and the data is not processed in such a way that substantial damage or distress is, or is likely to be caused. You may keep the data indefinitely and subject access does not have to be given, provided the results of the research are not made available in a form that identifies data subjects (i.e. you may include anoymised information such as case studies etc but shouldn't name individuals without their consent).

Further Guidance

Undergraduate students carrying out coursework or projects should seek advice from their course tutor or project supervisor

Post-graduate students writing dissertations should seek advice from their individual supervisor.

The University's policy and procedures on Data Protection may be found under the Data Protection Policy Statement.

If you are processing personal data for private purposes, this is not governed by the University although it may be governed by other University regulations, for example the University IT Regulations.

The Students' Union is registered separately under the Data Protection Act and enquiries about processing personal data for student societies and other Union activities should be directed to Hallam Union.

Related Information

Information about how the University processes personal data about you while you are a student can be found at:

If you have any queries about your rights to accessing the personal information that the University holds about you, contact Helen Williamson at the University Secretariat:

Tel. 0114 225 3361


Academic Regulations and student policies