The University of Southampton

Data Protection and GDPR

The Data Protection Act (DPA) is a law designed to protect personal data stored on computers or in an organised paper filing system.

Data Protection is everyone's responsibility. There are policies, processes and guidance that you must follow in order for the University to be compliant.

The University's Data Protection policy can be found here: University of Southampton Data Protection Policy.

Personal data is any data that, by itself or in conjunction with other information, makes a person identifiable. Special category personal data covers more sensitive information.

Personal data includes:

Examples of sensitive personal data include:

Further information is available on the Information Governance and Data Protection SharePoint site.

What is the General Data Protection Regulation (GDPR)?

GDPR is a pan-European piece of legislation that repeals the Data Protection Act 1998. It includes a strengthened set of principles governing the use of personal data.

GDPR establishes a consistent set of rules and definitions of terms across Europe, making it easier to do business and protect privacy. It came into force in May 2018.


Data Breaches

A data breach is where personal data is stolen, destroyed, lost, altered, shared, used or accessed without authorisation.

21 per cent of UK businesses suffered a data breach between 2016 and 2017.

80 per cent of data breaches are due to simple human error such as a lost laptop or an incorrect email recipient.

In July 2019, the Information Commissioner's Office announced two major fines for data breaches:

What can you do to help with compliance?

Appropriately create, store, use, share, archive and destroy personal data.

You can report a data breach using the data breach incident report form.

