Data Protection

Queen Margaret University is committed to protecting the rights and freedoms of individuals with respect to the processing of their personal data. Such processing is undertaken in compliance with:

  • The UK General Data Protection Regulations (UK GDPR) and Data Protection Act 2018 (the Act), which together are referred to as the "Data Protection Legislation" within this section
  • associated legislation
  • the University's notification with the UK Information Commissioner, which sets out the purposes for which the University holds and processes personal data about employees, students, graduates and others.

The Data Protection Act 2018 sets out the data protection framework in the UK, alongside the GDPR, and came into effect on 25 May 2018. It was amended on 01 January 2021 by regulations under the European Union (Withdrawal) Act 2018, to reflect the UK’s status outside the EU.

Personal data is information that relates to an identified or identifiable individual. What identifies an individual could be as simple as a name or a number or could include other identifiers such as an IP address or a cookie identifier, or other factors. The full text of the Regulations is available from the UK Information Commissioner’s website.

Compliance with Data Protection Legislation in the UK is overseen by the UK Information Commissioner. The University must tell the Commissioner about all the purposes for which it processes personal data. This is called notification and all the purposes are maintained in a searchable register by the Commissioner. The University is registered with the Information Commissioner’s Office. Our Registration Number is Z6013920.

Queen Margaret University needs to keep certain personal data, for example about its staff and students, to fulfil its purpose and to meet its legal obligations to funding bodies and government. Personal Information that we collect and hold is used by us for our statutory and/or public functions. Where we collect or share data it is on the basis that it is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in us as the Data Controller (See GDPR Article 6(1)(e)) and for statistical and research purposes (See GDPR Article 89). Processing of Special Categories of data is necessary for statistical and research purposes in accordance with Article 89(1) based on the duties in the Equality Act 2010 (See GDPR Article 9(2)(j)).

All users of personal data at Queen Margaret University are required to comply with the Data Protection Legislation, the University’s Data Protection Policy, and Data Protection Guidelines.

All enquiries relating to the University’s Data Protection compliance should be directed to 


FOI Requests and Data Protection

Show Contacts

FOI Requests and Data Protection

Irene Hynd University Secretary 0131 474 0000