Skip to main content
Data Protection Policy – Bath Spa University

Everyone has rights with regard to the way in which their personal data are handled.

Bath Spa University is committed to a policy of protecting the rights and privacy of individuals (including students, staff and others) in accordance with Data Protection Laws. The University commits to:

  • Processing personal data fairly and legally by appropriately applying the Data Protection Principles;
  • Supporting and enabling the rights of individuals under Data Protection Laws;
  • Keeping personal data secure by implementing appropriate technical and organisation security measures; using appropriate contracts with third party organisations who may act as data processors on the University’s behalf or as separate data controllers; holding relevant records about the personal data we process; and ensuring adequate safeguards are in place whenever personal data is transferred to a third country.
  • Designing privacy into our systems and processes and conducting Data Protection Impact Assessments where necessary;
  • Cooperating with and being responsive to relevant guidance from the Information Commissioner’s Office (ICO).

Our Data Protection Policy sets out a summary of the University’s responsibilities under Data Protection Laws and makes clear the specific responsibilities for data protection compliance within the University.

Date of last approval: May 2018
Approved by: VCAG 
Date of next review: March 2019 
Department/Post responsible: Secretariat (Compliance)

Edit section | Website feedback to web@bathspa.ac.uk