Find out what makes us such a unique institution and discover the vibrant student life that is at the heart of our community.
Learn more about our key research areas and our research objectives.
See how our research transforms people’s lives in our community, throughout the UK and around the world
Read our guidance for staff, students and applicants.
The latest results from a study have shown that an arthritis drug, baricitinib, reduced mortality in patients hospitalised with Covid-19
Below you will find definitions of some of the key terms and phrases associated with data protection.
An individual’s consent to process their personal data must be ‘freely given, specific and informed’. Consent must be based on the individual’s clear understanding of what the data is being used for, who it will be shared with, how long it will be kept for (see ‘fair processing notice’). It is important to note that while an organisation must have a valid reason for processing personal data, this may not necessarily always involve the direct consent of the individual it relates to.
The person who decides how, and for what purposes, the data is going to be processed. This could be either an individual or an organisation. St George’s, University of London is considered the data controller for information processed for the purposes of the university’s business.
Someone (other than an employee of the data controller) who processes data on behalf of a data controller, eg an external company employed to distribute an organisation’s newsletter or marketing materials, or a company responsible for the disposal of ‘confidential’ waste.
The Data Protection Act sets out eight data protection principles. These specify that personal data shall:
The living individual who is the subject of the personal data.
The fair processing notice is a formal statement that provides the individual whose data is to be processed with the following information: the identity of the data controller, the purpose(s) for which the data may be processed and any other information necessary to ensure the processing can be considered ‘fair’ under the Act, eg other persons the data may be shared with. The fair processing notice is now known as the 'privacy notice', although you will probably still find reference to both.
The Data Protection Act requires anyone who processes personal information to provide details of that processing for inclusion in a register maintained by the Information Commissioner’s Office. Failure to ‘notify’, or to keep your entry in the register up-to-date, is a criminal offence.
Data relating to a living individual who can be identified from that information, or from other information the data controller has in their possession or is likely to have access to.
Any action or operation carried out on personal data, whether obtaining, recording, storing or disposing of that data.
The process by which a data subject can request information about themselves held by an organisation. The request must be made in writing, which can include email. The organisation must respond to the request within 40 days, providing copies of the relevant information in ‘permanent form’. All subject access requests should be passed to St George’s Data Protection Officer.
Browser does not support script.