Queries? Please contact


Fines will be “effective, proportionate and dissuasive”

up to €20,000,000
or 4% of GTO

Data breaches

When you identify a data breach follow the procedure on our website here

Some examples include:

Sending an email to the wrong recipient, even if another University of Exeter employee. If the email contains personal data, this is may be a data breach and should be handled appropriately. If notified in time, it may be possible for us remove this email before it is seen by the wrong person.

Not locking your computer when you’re away from your desk. You are responsible for what is conducted on your account. If someone accesses your computer and retrieves data from your account you will be held responsible.

Bags of confidential paper left by the secure waste bin for shredding. Confidential waste bags should be kept in secure locked environments (as you would keep the documents before disposal). Please arrange with your relevant contact for collection and disposal.

What's changing?

The General Data Protection Regulation replaces the Data Protection Act 1998. It:

  • Becomes law on 25 May 2018
  • Remains law after Brexit

It states that personal data must be:

  • Processed fairly, lawfully and in a transparent manner
  • Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with the original purpose
  • Adequate, relevant and limited to what is necessary in relation to the purposes
  • Accurate and kept up to date, rectified without delay
  • Kept in a form that permits identification no longer than is necessary
  • Processed in a way that ensure appropriate security of the personal data

The controller shall be responsible for and be able to demonstrate compliance (Accountability)

What is 'personal data'?

  • Any information relating to an identified or identifiable natural person
  • ‘Data subject’ = identifiable person who can be identified directly or indirectly by an identifier such as:
    • a name
    • number location data
    • online identifier
    • or to one of more factors specific to person’s physical, physiological, genetic, mental, economic, cultural or social identity
  • Special categories include:
    • Racial/ethnic origin
    • Political opinions
    • Religious/philosophical beliefs
    • Trade Union
    • Biometric data
    • Health
    • Sex life/sexual orientation