Skip to navigation | Skip to main content | Skip to footer
Menu
Search the Staffnet siteSearch StaffNet

Publishing personal data on the internet

Publishing personal data on the University website, including StaffNet, discloses it automatically on a worldwide basis. If this is not done in the correct way, it can leave the University open to regulatory action under the General Data Protection Regulation (GDPR).

The simple answer to this is to refrain from publishing personal data in this way unless it relates to an individual's official role or function in relation to the University. For example, providing the name and professional contact details of a specific officer of the University, or that they serve on a particular committee, is legitimate and is an essential part of the purpose of the website; whereas providing somebody's home address or telephone number is not.

In order to comply with the principle to process data in a fair, lawful and transparent manner, it is important that anybody whose name or personal data appears on the website is aware that it is there. Therefore if a decision is made to publish a name, this should be communicated in advance to the individual prior to publication and at the same time they should be made aware of the mechanisms that are in place to enable them to object and if necessary to have it removed. This applies to data related to staff, students or any other individual whose details are accessible either on or off campus.