Data Governance

When you request information from the University of Derby we are governed by various pieces of legislation.  Here is an overview of the main pieces of law we work to.

Data Protection

The Data Protection Act 2018 (GDPR) came into force on 25 May 2018. It is designed to help protect your personal data by setting out rules and conditions which we must follow when collecting and using this data. It aims to ensure that you know where your data is held, what it is used for and who it is shared with.

The act gives you certain rights, including access to your personal data and ensures legislation matches the ever-changing technology around us. For more information please visit the ICO website.

Privacy Notices

Whether you are a student, member of staff or an organisation, your privacy is important to us.  Our privacy notice(s) aim to advise you on the way we look after your data at various stages, including your rights to access this data.

Freedom of Information

The Freedom of Information (FOI) Act 2000 gives a general right of access to all types of 'recorded' information held by public authorities (no matter how the information is held). We maintain a publication scheme, which sets out the categories of information we are required to publish.

FOI requests must be made in writing.  This can either be via posted letter to IT Services, University of Derby, Kedleston Road, Derby, DE22 1GB or email to 

Environmental Information Regulations

The Environmental Information Regulations 2004 give a general right of access to all types of 'recorded' environmental information held by public authorities. Environmental information covered by the regulations includes the state of the air, atmosphere, water, soil, land, landscape, as well as factors affecting the above elements such as substances, energy, noise, radiation or waste, emissions, discharges into the environment.

Records Management

Records Management is governed by a number of laws and regulations, several of which concern Data Protection and Freedom of Information. Records management is the practice of maintaining records safely from the time they are created for University business activities, during retention and up to their eventual disposal. This includes classifying, storing, securing, destruction and in some cases archival preservation of records. A record can be on paper, digital or a physical object.

Need Advice?

Contact: or or call +44 (0)1332 592151

Our Data Protection Officer is James Eaglesfield (01332) 591762
Our Deputy Data Protection Officer is Helen Rishworth (01332) 591954