Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

Relevant Information for questions on Data Privacy Audits. Please note this is a guide to finding the information you might need to fill in an audit - it is not a substitute for filling in a form. Some of the links may be restricted to SSO.

ICO Registration Number

You can find this by searching the ICO register. Note that Colleges and other parts of the University may be registered separately.

University Data Protection Policy

The University Data Protection Policy - approved by Council 14 May 2018

Who is the University's Data Protection Officer?

Full details of the information compliance team can be found via this link. The name and address of the DPO are at the bottom of the page.

Employee Data Privacy Training

Information about the Information Security training module is available on the Information Security website. In the Medical Sciences Office the training is mandatory and should be repeated annually. Requirements may differ from department to department.

Confidentiality clauses in employees' contracts

There is a generic confidentiality clause in employees' contracts and a specific data protection clause. Links to example wording can be found in this link.

Pre-employment screening for employees

Many University posts require pre-employment checks. Information can be found in this link.

University Information Security Policy

University Information Security Policy - dated Nov 2017 (log in required)

University Standard Privacy Notices

Privacy Notices for staff, students, applicants, alumni and other associates

Information for individuals on their rights and how to exercise them

Standard University wording for individual rights

University Guidance on Privacy Notices

The University's Privacy Notice Toolkit

Guidance for researchers on transparency

How to provide information about processing and individual's rights

Subject Access Request Process

Process for subject access requests - information for staff

Staff Guidance on Data Protection and Confidentiality

The University's Guidance on Data Protection and Confidentiality

Data Protection by Design

University Guidance on Privacy by Design

University Guidance on Data Quality

Research Services Guidance on Data Quality

University Breach Reporting Procedure

University Guidance on how to identify and report a data breach or security breach

University SOPs for Clinical Research

The University SOPs include Confidentiality and Security of Personal Data (13) and Data Management (15)

Data Protection Impact Assessments (DPIA)

Guidance, templates and screening

University of Oxford Policy on the Management of Data Supporting Research Outputs

Policies on open and published data from the Research Data Management Team

University Guidance on Disposal of Research Data

Guidance on the disposal of research data is included in the University best practice guide on the collection, protection, storage and management of data collected for research purposes (page 6).