SOAS University of London

Data Protection at SOAS

The legal regimes which govern personal data in the UK are the General Data Protection Regulation and the Data Protection Act 2018. These laws together give you a right of access to the data which organizations hold about you, and specifies how that data can be gathered, used and disseminated. SOAS is committed to protecting the rights of individuals under data protection law, and below we have listed the policies and procedures we follow help us safeguard your information.

Using Personal Data in Research: Code of Practice for SOAS Staff and Students
Guidance on how to conduct research involving living individuals in a way which complies with data protection law and SOAS's Research Ethics Policy.

Requesting Access to Personal Data
Explains how to request access to any personal data which SOAS holds about you, including the form which you can use when submitting an access request.

Data Protection Policy
SOAS's Data Protection Policy is binding on all individuals who use personal data for SOAS' business purposes, and specifies the steps which SOAS is taking to conform to the requirements of data protection law.

Privacy Notices
SOAS's Privacy Notices inform different groups of individuals how and why SOAS will process different types of personal data about them, in order to support their and the School's requirements. The notices also tell individuals who we share their information with, how long we keep it for, and what their rights are under the law.

External Information Sharing
This section tells individuals about SOAS's approach to providing information to specific external agencies, such as the police and the Higher Education Statistics Agency (HESA), and the principles SOAS follows when sharing personal information externally.

Responding to a Data Breach
Guidance on how to report a data breach, if you become aware that personal data has been lost, subject to unauthorised access or unauthorised alteration in the course of SOAS's business activities.

Data Protection Impact Assessments
Essentially a risk assessment carried out before data processing begins. Guidance and a template for staff initiating new projects, services or procuring systems which involve large-scale processing of personal or sensitive personal data, profiling, new technologies etc.

Freedom of Information and Data Protection: Guidance for Committee Servicing
Explains the implications of the Freedom of Information Act and data protection law to committee secretaries and chairs, including what should go on open and reserved agendas.

Publication of Staff Details
Explains what information SOAS routinely makes available about its staff, and how staff can opt out.

Appropriate Policy Document
Describes how SOAS processes Special Category Data or Criminal Offence data where the data is processed for employment/social protection purposes, or for reasons of substantial public interest.

Further information about your rights under data protection law is available on the website of the Information Commissioner.