Nottingham Conference Centre Data Protection Statement

Guide to information

The EU’s new General Data Protection Regulation (GDPR) governs all data that companies hold on individuals. The GDPR has been designed to create consistency and strengthen data protection principles and practices across EU. The GDPR administers a more up to date law on data protection, with stronger emphasis placed on the rights of individuals and how their personal data is used within organisations.

The GDPR comes into force 25 May 2018 and replaces the existing UK Data Protection Act 1998.

GDPR will apply to the entire UK despite the prospective outcomes of the UK leaving the European Union.

There are still many concepts which are the same with the redundant Data Protection Act but with new elements, particularly regarding data subject rights, accountability and organisational compliance with the GDPR Regulation’s principles.

Find out what this means for NTU and how we manage personal data. We use and share personal information in order to identify, deliver and monitor services that we provide.

Who is our Data Protection Officer (DPO)?

Our data protection officer is:

  • Rebecca Jenkyn, Head of Governance & Legal Services

GDPR introduces a statutory position of data protection officer who will have a key role in ensuring compliance with GDPR at NTU. Where processing is carried out by a public authority/body a DPO must be appointed. Public authorities/bodies are not defined within the GDPR but the UK’s Data Protection Bill has defined universities as a public authority/body and so we must have a DPO.

Records retention
NCC's records are an important sources of administrative/evidential and historical information. These are pivotal to our activities and to assist us with accountability. The Conference Centre has developed a Records Retention Schedule