What sections of the Data Protection Code of Practice apply to students?

What sections of the Data Protection Code of Practice apply to students?

Aimed at:  Edinburgh Napier’s students

Student Processing of Personal Data

​The University is responsible for personal data when it is the data controller for that data i.e. where the University determines the purposes for and the manner in which any personal data is to be processed. A student is only permitted to use personal data for a University related purpose, with the knowledge and express consent of an appropriate member of staff. For research purposes this would normally be a postgraduate supervisor or the person responsible for teaching the relevant undergraduate class or course. For administrative purposes this will be on the express authorisation of the line manager or supervisor of the project on which the student is employed.

For more information consult: Processing of Personal Data by Students

Use of Personal Data in Research

The Act sets out to ensure that researchers may only process data about other living individuals where they have a clear legal purpose for doing so and subject to certain prescribed exemptions, the use of personal information for research falls within its remit. Staff and students engaged in research at the University are obliged therefore to comply with the requirements of the eight data protection principles, the University’s Code of Practice and any associated guidance, when collecting and processing personal data for research purposes. In addition to computerised records, these requirements apply to written records held in a structured filing system, digital and microfiche records and video recordings.

For more information consult: Use of Personal Data in Research.

Use of the internet, social media and other externally hosted services.

In order to encourage safe, responsible and acceptable use of the internet, Web 2.0 and other externally hosted services (e.g. Facebook, YouTube, Twitter, LinkedIn) guidance has been developed for students on How to be Webwise.

Collection and Use of your Personal Data

​All students are asked at matriculation to sign up to the University’s Data Protection Statement for Students which explains how the University collects, uses, discloses and ultimately disposes of your personal data.

The University also publishes guidance on the student information we are required to disclose to HESA, which is available at the link above.


The University’s graduation ceremonies are significant events for our graduates, their guests and our staff. Important information about how we will use student data for graduation purposes is in this Data Protection Statement.

Checking or changing your student details. You can do this by going to eStudent Records.

Related University Policies

​All students must adhere to the University’s Information Security Policies.

There are no attachments for this article.
Related Articles RSS Feed