GDPR and Data Protection Policy

The University of Sheffield needs to collect, retain and process information about employees, students and other people to allow it to perform academic and administrative functions and to meet legal and regulatory obligations to sector bodies and government.

From 25 May 2018 the Data Protection Act (DPA) was replaced by the General Data Protection Regulation (GDPR). If you have any queries then please contact our Data Protection team.

Where it is necessary for the University to hold and process personally identifiable information it will do so in compliance with its statutory obligations to the data subjects.

All University of Sheffield staff have a responsibility to protect personal information; you must abide by all relevant policies and procedures. Any actual or suspected breaches must be reported immediately.

You can view the roles, responsibilities and structure for information management governance at the University here.

You can find out how your personal data is handled, how to manage your own information, how to report a breach and more here.

PLEASE ENSURE YOU COMPLETE YOUR INFORMATION SECURITY TRAINING!