Prospective students, employees and other stakeholders have to trust that their personal details will be safe at the university. We, at Robert Gordon University, are expected to safeguard personal information of both staff and students properly and not to abuse it. For this reason we have developed a robust Information Governance Policy that would meet these needs.
- All About GDPR (PDF 115KB)
- Data Breach Guidance - May 2019 (PDF 123KB)
- Data Breach Reporting Form - September 2019 (DOC 67KB)
- Data Protection Training Presentation (PPT 332KB)
- Key Points of GDPR (PDF 83KB)
- Privacy Impact Assessment Guidance (PDF 237KB)
- Privacy Impact Assessment Template (DOC 69KB)
- Risk and Control Matrix (PDF 110KB)
- Subject Access Requests - Staff Guidance (PDF 85KB)
- Target Operating Model - February 2020 (PDF 81KB)
The university's registration number with the Information Commissioner's Office is Z5607918.
The University has a series of privacy notices to ensure transparency and explain to individuals how their personal data will be used.
- Access Program Privacy Notice - July 2019 (PDF 28KB)
- Accommodation Privacy Statement (PDF 230KB)
- Employee Privacy Notice - March 2019 (PDF 39KB)
- RGU Recruitment Privacy Notice (PDF 114KB)
- RGU SPORT Privacy Notice (PDF 180KB)
- Student Privacy Notice - October 2019 (PDF 188KB)
- Student Recruitment Privacy Notice - August 2018 (PDF 117KB)
Accessing your personal data
Under the GDPR, individuals (i.e. data subjects) have a right to know what data is held about them at RGU and a right to access their personal data. Data subjects must submit a request to access this information. Please note the university may request evidence of your identity (a copy of passport and/or driver’s license). The university provides a Subject Access Request Form in order to assist in making a request, however you may also submit a request in a letter, email or verbally. Please see our Accessing Your Personal Data - Guidance Note for further information on how to make a request.
Once the request has been validated and verified the university will respond within one month. Please note that you can only request your own personal data under a subject access request, unless you are proven to be authorised to act on behalf of the data subject.
Data Protection by Design
Under GDPR the university in required to demonstrate that data protection has been considered in our activities. The university has a data protection impact assessment (DPIA) in order to ensure that new projects or systems are designed with data protection compliance built in from the start and that any privacy risks are managed.
A personal data breach may be defined as a breach of security that has affected the confidentiality, integrity or availability of personal data.
CCTV and Data Protection
Organisations, whose premises have CCTV (close circuit television) systems in operation, must inform the UK Information Commissioner that they are gathering personal information about the people they are recording. They must also put up signs to warn the public that this recording is taking place. The Robert Gordon University is registered with the Information Commissioner for the use of CCTV.
Contact Details and Further Information
If you are dissatisfied with the way in which your personal data has been handled please contact the University Data Protection Officer in the first instance. If you are dissatisfied with the response from the University you have the right to lodge a complaint with the Information Commissioner’s Office
Data Protection Officer
Robert Gordon University
Tel. +44 (0)1224 262076