Principle 2: Personal data shall be obtained and processed only for specified and lawful purposes
The University is required, as a data controller, to register with the Information Commissioners Office (ICO). Principal 2 requires the University to obtain and process data only if such data and its processing is included in that registration. The University's registration is available on the ICO Web-site.
To ensure that the University's registration is accurate, the Records Manager will undertake a regular audit within all sectors of the University and staff and students must ensure that full account is taken of all records held on individuals within their area(s) of responsibility.
All staff should notify the University's Records Manager immediately if they wish to obtain and/or process personal data which is not covered in the University's registration.
Any changes in the processing of existing personal data, whether held in current or historical files, should be notified to the Records Manager immediately.