Data Protection

Policy and Guidance

The University of Bedfordshire (the Accountable Body for ICT Escalator) is bound by the Data Protection Act 1998 to register all activities which require the collection, storage, processing, retrieval and disposal of personal data with the Information Commissioner and to undertake these activities in accordance with the provisions of the Act. The Act covers data which is held in a form where it can be processed both automatically on computers and in structured manual filing systems. 

The activities which the University has registered with the Information Commissioner are:

  • Staff, agent and contractor administration
  • Advertising, marketing, public relations and general advice services
  • Accounts and records
  • Education
  • Student and staff support services
  • Research
  • Other commercial services
  • Publication of the University magazine
  • Crime prevention and the prosecution of offenders
  • Alumni relations

A full copy of the University’s registration document can be viewed on the Information Commissioner’s web-site at:  A printed copy may be obtained from the office of the University Secretary, who is the University’s nominated data protection officer.

Personal data is information about any living identifiable individuals, including both statements of fact and expressions of opinion.

It is the University’s policy to seek consent from individuals for the storage and processing of personal data concerning them, although the University may process personal data without a person’s consent where this is permissible under the 1998 Act (for example in pursuit of a contract between the University and an individual).  The University will declare the purposes for which personal data will be used and seek specific consent for the disclosure of personal information to third parties, except where this is permissible under the Act.

5. Sensitive data include personal data which comprise information on the racial or ethnic origin of an individual, his or her religious beliefs, political opinions or trade union membership, physical or mental health, sexual life, or criminal record or any criminal proceedings or allegations.

6. It is the University’s policy to seek explicit consent for the processing and disclosure of sensitive data, and to declare the purposes for which such data may be used.

7. In respect of both personal and sensitive data, the University will:

  • use it only for the purposes for which it was obtained;
  • collect only that which is necessary in relation to the purpose for which it is required;
  • ensure its accuracy and take all reasonable steps to ensure that it is kept up to date;
  • retain it only as long as it is needed for the purpose for which it was obtained;
  • process in accordance with the rights of data subjects under the 1998 Act;
  • take technical and organisational measures to ensure its security, that no unauthorised or unauthorised processing takes place, and that it is protected against accidental loss, damage or destruction;
  • ensure that it is not transferred outside the European Economic Area.
  • share information only with Strategic Partners of the ICT Escalator project, and this shall not be used for marketing purposes

If you have any questions or concerns about your data, how it is used, who has access to it or how it can benefit you, please get in contact with us at