Information governance
Under the UK GDPR and the Data Protection Act 2018, individuals have the right to be informed about the personal data that is collected and held about them. The University is legally required to ensure that any personal data relating to identifiable living individuals is processed lawfully, fairly and transparently; is kept secure and confidential; and is protected against unauthorised or inappropriate access, disclosure, alteration or destruction.
What is information governance?
Information governance is the management of information. It balances the use and security of information and helps with legal compliance and operational transparency. It encompasses record management, information security/protection, compliance, data governance, risk management, retention/archiving and privacy. Here, at the University of Surrey, we understand the benefits of a comprehensive, well-run information governance program, please read our Data Management Strategy.
We hold and process information about many different types of people such as its current, past or prospective employees, applicants, students and alumni. We also process personal information for a variety of reasons. We may also be required by law to collect and use certain types of personal information to comply with statutory requirements.
