data protection guidance and policy documents data protection guidance and policy documents

This page lists the data protection guidance and policy documents that are available to UEA staff. On 25 May 2018, UK data protection law changed and we will regularly add and update documents to reflect changes to the law. 

If you'd like further information on any of these documents, contact the Information Compliance team at, or +44 (0)1603 59 2431/1143. 

UEA data protection guidance UEA data protection guidance

The Information Compliance team are producing a range of guidance to assist staff in understanding changes to the law. We will add to and revise these documents from time to time.

General information:

Data subject rights:

Legitimate Interests Assessment:

Where we are relying on 'Legitimate Interests' as our legal basis for processing personal data we must do a Legitimate Interests Assessment (LIA). Our LIA template (Word doc.) can be downloaded and, once complete, sent to for review. 

Drafting privacy notices: 

The University's primary privacy notices should cover most of the ways in which we collect and handle personal data, however there will be occasions where separate privacy notices are required (e.g. because data will be collected for a specific purpose that doesn't apply to a wide range of people). The following guidance and supplementary text is designed to assist staff who need to create a specific privacy notice. The data protection team must be informed of any new privacy notices (see checklist below).


Supplementary text

  • 'Further Information' web page (Staff can add this link to any privacy notice they create to ensure that some of the standard information required by GDPR is included in their notice)
  • Data protection text for web forms (Staff who collect personal data via web forms can use this link when creating a privacy notice for their form)

Gathering consent for processing data:

Data sharing:

UEA policies UEA policies

Data Protection Policy (updated May 2018)

The following policies also relate to the use of and access to personal data at UEA:

External data protection guidance External data protection guidance

Information Commissioner's Office Guide to the General Data Protection Regulation (GDPR)

Article 29 Working Party GDPR Guidelines (EU level guidance)