The Data Protection Act sets out guidance on how Public Authorities and organisations manage personal data. It is a requirement by law that the organisation managing personal data is registered with the Information Commissioner. This is achieved through a notification statement and can be viewed on-line at the Information Commissioner's website.

Secondly every organisation that manages personal information is legally bound by eight principles. Further information regarding these and the University of Westminster's notification statement can be found below.

Data protection notification statement

The Information Commissioner maintains a public register of Data Controllers. Each register entry includes the name and address of the data controller and a general description of the processing of personal data by a data controller.

Individuals can consult the register to find out what processing of personal data is being carried out by a particular data controller. Notification is the process by which a data controller's details are added to the register.

The Data Protection Act 1998 requires every data controller who is processing personal data to give notification.

The University of Westminster's Notification Statement is available on the Information Commissioner's website under the Register of Data Controllers.

Data protection principles

Staff in the University who process personal data or sensitive personal data must comply with the eight legally enforceable data protection principles. In summary these state that data must:

  • Be obtained and processed fairly and lawfully;
  • Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
  • Be adequate, relevant and not excessive for those purposes;
  • Be accurate and kept up-to-date;
  • Not be kept for longer than is necessary;
  • Be processed in accordance with the data subject's rights;
  • Be kept safe from unauthorised access, accidental loss or destruction;
  • Not be transferred to a country outside the European Economic Area (the EU member states, plus Norway, Iceland and Liechtenstein), unless that country has equivalent levels of protection for personal data.

Data Protection Act complaints

If you have any complaints about the way we are handling Data Protection then please let us know. Please contact the Information Compliance Manager at the address below.

Malcolm Bacon
Information Compliance Manager
University of Westminster
309 Regent Street
Room 401a
London W1B 2HW

T: +44 (0)20 7911 5000 ext 65158
E: [email protected]

If you have followed our complaints procedure and are unhappy with the outcome, you have the right to appeal to the Information Commissioner.

Contact the Information Commissioner at the address below or report your concerns online at the Information Commissioner's Office website.

Information Commissioner
Wycliffe House
Water Lane
Cheshire SK9 5AF

Stack of paper

Policies and documents A-Z

Browse our key strategies, policies, codes, procedures and other documents.

Old photo of the polytechnic institution

Archive services

Archive Services collects, preserves, and provides access to records of the University and its predecessors.