Corporate Governance


The University of Portsmouth, in its role as a centre of knowledge, research, education and training, holds a great deal of information about the people who study or work here. The way in which the University manages this personal information is governed by the General Data Protection Regulation (GDPR).

These web pages aim to explain how the University manages information in line with the GDPR, and the implications for both staff and students. There is a general explanation of the most relevant parts of the GDPR that are applicable to everyone, followed by information for students and staff on how both groups are affected by the legislation - your rights and responsibilities.

General Data Protection Regulation (GDPR)

The Legislation


  • Personal Data
  • Special Category Data
  • Processing
  • Data Subject
  • Data Controller
  • Data Processor
  • Subject Access Requests

Fact sheets and Statements

These fact sheets provide detail on subjects we believe are of interest:

  1. Differences between GDPR and the DPA1998
  2. Legal Bases for Processing
  3. Processing based on consent
  4. Information for privacy notices
  5. Direct Marketing/Mailing lists
  6. Data breach notifications
  7. Research and GDPR

The University has produced the following data protection statements:

Requesting Your Data

Anyone can make a request to find out what information is held about them by the University.  This is known as a Subject Access Request.

Should I make a request?

How do I make a request?

Is there a charge?

What data can I expect to receive?

How long will it take?

What if I am not happy with the response?


Further Info

Internal Links:

GDPR Frequently Asked Questions

The quarterly IG Newsletters contain articles on information governance issues around the University.

External Links:

For more information on data protection, contact the University's Information Disclosure Manager ( or call 02392 843642)