Data protection: an introduction Data protection: an introduction

UK data protection law gives the University obligations and responsibilities in the way it handles personal information. The new law, which comes into effect in May 2018, will enhance people's rights, and those who gather and use personal data on behalf of the University must follow the data protection principles.

For specific information on how the University uses personal data, see our privacy notices.

General Data Protection Regulation General Data Protection Regulation

On 25 May 2018 the General Data Protection Regulation (GDPR) will replace the current UK Data Protection Act 1998

Although they share much common ground, GDPR will differ from the Data Protection Act in key ways and the University must prepare for the changes to come.

To find out more, click on the links on this page, look at our GDPR News page, or contact, or +44 (0)1603 59 2431.

UEA data protection contacts UEA data protection contacts

If you have any specific queries about data protection at UEA, please contact the University's Information Compliance team at or by telephone on +44 (0)1603 59 2431.

The University's Data Protection Officer is Ellen Paterson. Data Protection Officers have a range of responsibilities under the GDPR, outlined in this guidance from the Information Commissioner's Office. You can reach Ellen using the email address and phone number above.

The University also has a network of data protection contacts, covering all departments and Schools. If you're a member of UEA staff and don't know who your contact is, email

UEA data protection policies UEA data protection policies

The University administers its obligations under the current law (the Data Protection Act 1998) in accordance with its Data Protection Policy. This is being updated for GDPR but is available on request. 

The following University policies contain statements and requirements on how we process personal data, and include actions for all staff.

Information Clasification and Data Management Policy

Conditions of Computer Use

General Information Security Policy

GDPR training module GDPR training module

If you are a member of UEA staff or PGR student you can now complete online GDPR training. Go to Blackboard and you'll find a link to the training under 'My Organisations'.

Training completion will be monitored and reports shared with managers on a regular basis. 

Find out more Find out more

The Information Compliance team are running regular lunchtime briefings and Q&A sessions to help staff get ready for GDPR.

No booking is required, and the team will be on hand to answer your data protection questions.

Time: 12-1pm (briefing will take around 30 mins from 12pm)


May 24 (briefing plus Q&A) - Location: Committee Rm 2 in the Registry