Corporate Governance


The University of Portsmouth, in its role as a centre of knowledge, research, education and training, holds a great deal of information about the people who study or work here. The way in which the University manages this personal information is governed by the Data Protection Act 1998.

These web pages aim to explain how the University manages information in line with the Data Protection Act, and the implications for both staff and students. There is a general explanation of the most relevant parts of the Data Protection Act that are applicable to everyone, followed by information for students and staff on how both groups are affected by the legislation - your rights and responsibilities.

Data Protection Act 1998

The Legislation


  • Personal Data
  • Sensitive Personal Data
  • Processing
  • Data Subject
  • Data Controller
  • Data Processor
  • Subject Access Requests


The General Data Protection Regulations will come into force in May 2018 and replace the current Data Protection Act.  


GDPR Frequently Asked Questions

The quarterly IG Newsletters contain articles on the University's preparation for the GDPR.

Staff guidance
(held in EDM system)

Privacy notice checklist

Requesting Your Data

Anyone can make a request to find out what information is held about them by the University.  This is known as a Subject Access Request.

Should I make a request?

How do I make a request?

Is there a charge?

What data can I expect to receive?

How long will it take?

What if I am not happy with the response?