University activities – basis for lawful processing of personal data

The matrix in the download below is based upon the JISC Business Classification Scheme for Higher Education Institutions. The University has considered the activities normally undertaken by universities, noted which activities generally involve the processing of personal data and provided information on why those activities may be lawful under the provisions of the General Data Protection Regulation.

This document will be kept under review and may be updated from time to time. If you have any questions about the use of personal data within the University of Dundee use the contact details below.