Share this page:

Data Protection

Canterbury Christ Church University holds and processes information in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Our approach to data protection

You can read more about the approach the University takes to protecting personal data in our Data Protection Policy.

Personal data is information about a living, identifiable individual.

Information rights

Individuals have rights related to the information the University holds about them, including the right to access their personal data unless an exemption applies.

The University must respond within a month, with a possibility to extend this period for particularly complex requests. You can make a request using the Subject Access Request form.

You can read about the information rights an individual has and the obligations on the University.

If you wish to exercise any of your information rights, you can use our Individual Rights Request Form.

How we use personal data

We explain how we use personal data in our Privacy Notices.

We explain the way we process data for students and those who apply for our courses in our Student Privacy Notice.

We explain how we use special category data in our policy statements. There is a policy statement for students and applicants and a policy statement for staff.

Information for staff

All employees and agents processing personal data for and on behalf of the University are responsible for ensuring that any processing of personal data carried out by them complies with the data protection legislation.

This includes using appropriate security measures to protect personal data. This includes the disposing of personal data.

If you are a member of staff, you will find further information on our Intranet in the Data Protection Guidance.

Data breaches

If there is a data breach, we need to know about it immediately.

A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

If you are a student or a member of the public, please send an email to We ask you to provide your name and address and the details of the breach. 

If you are a member of staff, please follow the procedures for reporting a data breach in the Data Protection Guidance.

Data protection complaints and procedure

If you have a complaint about any aspect of data protection at the University, we will seek to resolve the complaint speedily and to this end, you are invited to submit your complaint to the Data Protection Officer, by email to:

We ask you to provide your name and address and the details of your complaint. You can use our Complaint about Data and Information Handling form to provide the information. 

We will deal with your complaint following our Procedures for Complaints Relating to Data and Information Access and Handling.

If we are unable to resolve any complaint, you can complain to the Information Commissioner, the independent body that oversees the GDPR and the Data Protection Act 2018.

Return to

In this section

Contact us

Information Governance Team
For advice and queries on data protection, handling of personal data, reporting data breaches, submitting Subject Access Request and individual Rights request
Myriam Tavernier
Head of Data Protection
For advice on data protection or if you have concerns about disclosing data