Data protection: an introduction Data protection: an introduction

On 25 May 2018 the UK's data protection law changed. The Data Protection Act 2018, and the General Data Protection Regulation (GDPR) are now in force. 

The new law gives the University obligations and responsibilities in the way it handles personal information. It enhances people's rights, and those who gather and use personal data on behalf of the University must follow the data protection principles.

For specific information on how the University uses personal data, see our privacy notices. Your Rights explains how the law helps you to protect your privacy. For further information, see our online training (for staff and research students) or come along to a drop-in session.

UEA data protection contacts UEA data protection contacts

If you have any specific queries about data protection at UEA, please contact the University's Information Compliance team at or by telephone on +44 (0)1603 59 2431.

The University's Data Protection Officer is Ellen Paterson. Data Protection Officers have a range of responsibilities under the GDPR, outlined in this guidance from the Information Commissioner's Office. You can reach Ellen using the email address and phone number above.

The University also has a network of data protection contacts, covering all departments and Schools. If you're a member of UEA staff and don't know who your contact is, email

UEA data protection policies UEA data protection policies

The Data Protection Policy sets out how personal data will be managed by the University.

The following University policies also contain statements and requirements on how we process personal data, and include actions for all staff.

Information Classification and Data Management Policy

Conditions of Computer Use

General Information Security Policy

GDPR training module GDPR training module

If you are a member of UEA staff or PGR student you can now complete online GDPR training. Go to Blackboard and you'll find a link to the training under 'My Organisations'.

Training completion will be monitored and reports shared with managers on a regular basis. 

Data protection news Data protection news

June 2018: The ICO's series of myth-busting blogs turns to the issue of consent, and why all those emails that flooded your inbox last month weren't always correct 

25 May 2018: All change: the GDPR and the DPA 2018 are now in effect. It's important to take both into account when considering how to handle personal data. 

Find out more Find out more

The Information Compliance team are running regular lunchtime briefings and Q&A sessions to help staff understand the requirements of the new law.

No booking is required, and the team will be on hand to answer your data protection questions.

Time: 12-1pm (briefing will take around 30 mins from 12pm)

Location: Registry, Committee Room 1


11 July (Briefing plus Q&A)

09 August (Q&A)

13 September (Briefing plus Q&A)