skip to primary navigationskip to content
 

Data Protection Officer for the Colleges

The role of the Data Protection Officer 

The Office of Intercollegiate Services has been appointed by each of the 31 Cambridge Colleges to fulfill the role and functions of the Data Protection Officer, as it is set out in the Data Protection Act 2018 (DPA) and the EU General Data Protection Regulation (GDPR). 

The Data Protection Officer is not a role directly related to, or responsible for, the operational activities of any College.  Its functions include:

  • to inform and advise a College and its Fellows and staff who process personal information of their obligations under the DPA and the GDPR;
  • to monitor that College's engagement with the DPA and the GDPR and the extent to which its policies, procedures and practices are in line with them;
  • to undertake regular audits to monitor compliance with its relevant policies, procedures and practices, and to review, and advise on, matters including internal awareness-raising and training of College members and staff;
  • to provide advice, where requested by the College, on any required data protection impact assessments;
  • to act as the contact point for, and to cooperate with as appropriate, the Information Commissioner's Office, the UK's statutory supervisory authority for the DPA and the GDPR;
  • to have due regard in all of their functions to the risks involved in personal information processing, taking into account the nature, scope, context and purposes of processing.

If the College processes your personal information in any way, as the Data Protection Officer, the Office of Intercollegiate Services also offers a point of relative independence for you to enquire about any issues or concerns related to the processing of your personal data, or for advice on how you can exercise your rights under the DPA or GDPR.  

Your rights

You have a number of rights under the DPA and GDPR.   Not all of these rights are automatic: most will require some dialogue with the College about how best to address your concerns, and the College is committed to resolving these as amicably as possible.  The College reserves the right, however, to discuss with you why it might not comply with a request from you in relation to your rights. 

Your rights include:

  • the right to ask the College for access to the personal information that it holds on you;
  • the right to request that such personal information be rectified (corrected) or erased;
  • the right to to request that your personal information be restricted, and that the College should not process it for specific purposes (especially pending any concerns about its accuracy or relevance);
  • in some limited circumstances, the right to ask for the transfer of your personal information electronically to a third party (data portability).

In addition, you have the right to object to the receipt of communications from the College, particularly where these do not relate directly to non-marketing services that it is providing.

Raising concerns

In most cases, if you have questions or concerns about your personal information, or how it used, we will advise that in the first instance you speak to the College members or staff responsible for managing that information (e.g. the Tutorial Office, the Bursary, the Development Office). 

If you need further guidance, or wish to seek a more independent view in the first instnace, please get in touch with us by telephone: 01223 768745 or email  or by writing to us at:

12B King's Parade

Cambridge

CB2 1SJ 

 

If you remain unhappy with the way your information is being handled, or with the response received from the College or the Office of Intercollegiate Services, you have the right to lodge a complaint with the Information Commissioner’s Office at:

Wycliffe House

Water Lane

Wilmslow

SK9 5AF

 

(https://ico.org.uk/)