Cardiff University is a 'Data Controller', which means that it is registered with the Information Commissioner to process personal data for specific purposes (Registration Z6549747). Personal data is any data from which a living individual can be identified.
The processing of personal data is covered by the Data Protection Act 1998. This governs what personal data the University can collect, how it may use the data and to whom it can disclose the data - the 8 data protection principles. The Act also gives individuals the right to see their own personal data held by any Data Controller and other rights in respect of the processing of their personal data.
The University is regularly required to provide the Higher Education Statistics Agency (HESA) with information about its staff and students. The types of information disclosed and the use that HESA makes of that information is described on the HESA web site:
If you would like to see the personal data that Cardiff University holds about you, you will need to apply under the Data Protection Act. The procedure is known as a Subject Access Request and there is a £10 standard charge.
The University has produced guidance notes on several aspects of the Data Protection Act as it applies to personal data processed by staff and students. Please follow the link to guidance on the left hand side.
The University's Data Protection Policy can be downloaded using the Resource link above right.