The General Data Protection Regulation (GDPR) prot

The General Data Protection Regulation (GDPR) protects the rights of individuals by setting out certain rules as to what organisations can and cannot do with information about people. A key element to this is the principle to process individuals’ data lawfully and fairly. In order to meet the fairness part of this we need to provide information on how we process personal data.

The University takes its obligations under the GDPR very seriously and will always ensure personal data is collected, handled, stored and shared in a secure manner.

The following statements will outline what personal data we collect, how we use it and who we share it with. It will also provide guidance on your individual rights and how to make a complaint to the Information Commissioner’s Office (ICO), the regulator for data protection in the UK.

Appropriate Policy Document

Data Protection Policy

Data Privacy Impact Assessment (DPIA) Policy

General Privacy Notice Policy

Lawful Basis of Processing Student Personal Data

Group Privacy Notice & MU Services Limited Privacy Notice for Staff

Privacy Notice for Research Participants

Rights to Erasure Policy

Statement of Tasks in the Public Interest

Subject Access Request Policy


The University’s official contact details are:

Data Protection Officer

The Burroughs

Tel: +44 (0)20 8411 5000

Privacy policies