Data protection issues that affect you as a tutor are described in detail in the Data protection and Freedom of Information section of the Personal Tutor's Handbook. This includes advice on keeping records and dealing with enquiries from third parties.
As for anyone whose personal data the University processes, you have the right to:
- Be informed what personal data about them the University holds and what they are used for
- access this personal data
- update the personal data the University holds
- be informed how the University is complying with its obligations under the Act
- complain to the Data Protection Officer if you feel that the Data Protection policy has not been followed
You will usually have access to your Human Resources (HR) records via your staff portal, or via an informal request to your head of School or Department, or to the Human Resources department.
If you wish to access your personal data under the provisions of the Data Protection Act, you should make a Subject Access Request.
Providing personal data to the University
Like everyone who provides personal data to the University, you are responsible for ensuring adherence to the Data Protection Principles, especially with regard to accuracy. This means that you have a responsibility to ensure that personal data you provide to the University is accurate and up-to-date. The responsibility includes checking information that the University makes available via corporate systems or sends out from time to time showing your personal data that are being processed (ie stored).
Processing personal data on behalf of the University
You are required to supervise students who process personal data as part of the course for which you are responsible and you must inform the University's Data Protection Officer to ensure that the activity is covered by the University's registration with the Office of the Information Commissioner.
Anyone who processes data about other people on behalf of the University (e.g. about students' course work, opinions about ability, references to other academic institutions, conference or visitor details, details of personal circumstances or research data) must comply with the Data Protection Principles and with recommendations given by the Data Protection Officer and the guidance to be found in the JISC Data Protection Code of Practice, by following the advice in the Data Protection Policy Guidelines.