(Standing Order J.2)
(a) The College complies with the General Data Protection Regulation 2018, and corresponding current UK legislation.
(b) The Council shall appoint a Data Protection Officer, in conformity with current legislation. Until further notice, operational responsibility for the management of matters relating to data protection shall rest with the College Data Protection Lead.
(c) College Departments will review and update at least once a year returns made under the College-wide data audit, sending the results of such reviews in writing to the College Data Protection Lead. In so doing, the Head of Department will confirm that the Department has observed the retention/disposal arrangements detailed in those returns and reviews.
(d) Data Protection Policies and Privacy Notices detailing data processing and data sharing undertaken by and in the College shall be published and maintained on the College Website, by the College Data Protection Lead.
(e) The College Data Protection Lead will work with the Colleges Data Protection Officer at theOffice of Intercollegiate Services to ensure that Data Protection Policies, Privacy Notices and other relevant communications and internal processes are as consistent and as accessible as possible.
Approved by the College Council on 1 February 2024
