Data Protection


The EU General Data Protection Regulation (GDPR, and associated UK data protection legislation) sets out the legislative framework for managing personal data. This includes student records, staff files and other personally identifiable data.

GDPR sets out the standards for data management and provides a right of access by data subjects to the information that the ICCA holds about them. The ICCA’s Data Protection Policy (URL) provides additional detail about how personal data is handled.

The Information Commissioner’s Office is the supervisory body for the UK in relation to Information Rights. Further information regarding GDPR can be found on the ICO’s website.

Information Management manages requests for personal data (and other rights under the GDPR) and provides guidance and support to staff and students to ensure compliance with the Act. To access data that ICCA’s holds about you, please see our document on requesting personal data.


Further Guidance

Further guidance for students and staff can be found below.

Student Data Collection Notice

Records and Data Retention Schedule


Policies and Procedures

ICCA Data Protection Policy

ICCA Data Protection Procedure

ICCA Records Management Policy

ICCA Data Breach Procedure

Link to Personal Information Request Form

Use of Personal Information

The legal basis for our use of your personal information

Acceptable IT Usage Policy for Students