Useful Information for Audits
Relevant Information for questions on Data Privacy Audits. Please note this is a guide to finding the information you might need to fill in an audit - it is not a substitute for filling in a form. Some of the links may be restricted to SSO.
ICO Registration Number
You can find this by searching the ICO register. Note that Colleges and other parts of the University may be registered separately.
University Data Protection Policy
The University Data Protection Policy - approved by Council 14 May 2018
Who is the University's Data Protection Officer?
Full details of the information compliance team can be found via this link. The name and address of the DPO are at the bottom of the page.
Employee Data Privacy Training
Information about the Information Security training module is available on the Information Security website. In the Medical Sciences Office the training is mandatory and should be repeated annually. Requirements may differ from department to department.
Confidentiality clauses in employees' contracts
There is a generic confidentiality clause in employees' contracts and a specific data protection clause. Links to example wording can be found in this link.
Pre-employment screening for employees
Many University posts require pre-employment checks. Information can be found in this link.
University Information Security Policy
University Information Security Policy - dated Nov 2017 (log in required)
University Standard Privacy Notices
Privacy Notices for staff, students, applicants, alumni and other associates
Information for individuals on their rights and how to exercise them
Standard University wording for individual rights
University Guidance on Privacy Notices
The University's Privacy Notice Toolkit
Guidance for researchers on transparency
How to provide information about processing and individual's rights
Subject Access Request Process
Process for subject access requests - information for staff
Staff Guidance on Data Protection and Confidentiality
The University's Guidance on Data Protection and Confidentiality
Data Protection by Design
University Guidance on Privacy by Design
University Guidance on Data Quality
Research Services Guidance on Data Quality
University Breach Reporting Procedure
University Guidance on how to identify and report a data breach or security breach
University SOPs for Clinical Research
The University SOPs include Confidentiality and Security of Personal Data (13) and Data Management (15)
Data Protection Impact Assessments (DPIA)
Guidance, templates and screening
University of Oxford Policy on the Management of Data Supporting Research Outputs
Policies on open and published data from the Research Data Management Team
University Guidance on Disposal of Research Data
Guidance on the disposal of research data is included in the University best practice guide on the collection, protection, storage and management of data collected for research purposes (page 6).