GDPR and Data Protection

The University of Sheffield processes information about individuals, for our own administrative purposes and to comply with our legal obligations. This includes personal data concerning current, prospective and former employees, students, suppliers, research partners and others in order to carry out

The University of Sheffield is committed to protecting the rights and privacy of individuals in accordance with appropriate UK and European legislation. This includes:

  • General Data Protection Regulations (GDPR)
  • Data Protection Act 2018 - The GDPR provides some opportunity for national governments within the EU Member States to make certain provisions for how they apply the GDPR. The Data Protection Act 2018 formally repealed the Data Protection Act 1998 and addresses these Member State options of the GDPR. 

We detail our processing within our data protection policy (PDF).

ICO Notification

The University of Sheffield has notified the Information Commissioner's Office (ICO) of the purposes for which it processes personal data. This notification is renewed annually and recorded in the Data Protection Public Register. The University's Registration Number is Z681065X

The University must ensure that its notification remains up-to-date. Any member of staff who wishes to carry out processing additional to the current notification must contact dataprotection@sheffield.ac.uk prior to doing so.

Additional processing includes:

  • Processing personal data for an additional purpose
  • Collecting an additional class of data 
  • Collecting personal data from an additional class of data subject
  • Disclosing personal data to a new recipient