Data protection

Canterbury Christ Church University holds and processes information about employees, students, and other data subjects for academic, administrative and commercial purposes, in accordance with the General Data Protection Regulation (GDPR) and the Data Protection Act 2018.

Our approach to Data ProtectioN 


You can read more about the approach the University takes to protecting personal data in ourData Protection Policy. 


Personal data is information about a living, identifiable individual.  

Information Rights 


Individuals have rights related to the information the University holds about them, including the right to access their personal data unless an exemption applies.


The University must respond within a month, with a possibility to extend this period for particularly complex requests. You can make a request using the Subject Access Request form 


You can read about the information rights an individual has and the obligations on the University.  


If you wish to exercise any of your information rights, you can use our Individual Rights Request Form 

How we use Personal Data 


We explain how we use personal data in our Privacy Notices 


We explain the way we process data for students and those apply for our courses in our Student Privacy Notice. 


We explain how we use special category data in our policy statements. There is a policy statement for students and applicants and a policy statement for staff 


Our Important Documentation 


Information for staff 


All employees and agents processing personal data for and on behalf of the University are responsible for ensuring that any processing of personal data carried out by them complies with the data protection legislation. 


This includes using appropriate security measures to protect personal data. This includes the disposing of the personal data. 


If you are a member of staff, you will find further information on our Intranet  in the Data Protection Guidance.  

Data Breaches 


If there is a data breach, we need to know about it immediately. 


A personal data breach is a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. 


If you are a student or a member of the public, please send an email to ask you to provide your name and address and the details of the breach.  


If you are a member of staff, please follow the procedures for reporting a data breach in the Data Protection Guidance. 



Contact us 


For advice on data protection or if you have concerns about disclosing data, contact the Data Protection Officer or Information Governance Manager: 


Data Protection Officer 
Mr Robert Melville  
Canterbury Christ Church University 
North Holmes Road 

CT1 1QU 


Information Governance Team


You can read more about the University as data controller in our further information 

Data Protection Complaints Procedure 


If you have a complaint about any aspect of data protection at the University, we will seek to resolve the complaint speedily and to this end you are invited to submit your complaint to the Data Protection Officer, by email to: 


We ask you to provide your name and address and the details of your complaint. You can use our form to provide the information.  


We will deal with your complaint following ourProcedures for Complaints Relating to Data and Information Access and Handling. 



If we are unable to resolve any complaint, you can complain to the Information Commissioner, the independent body that oversees the GDPR and the Data Protection Act 2018. 



Connect with us

Last edited: 20/01/2022 11:11:00