The Data Protection Act 1998 has implications for everyone who processes manual or electronic personal data.

Many students in the University process personal data either as a data controller or as directed by a data controller. All such processing must comply with the data protection principles. All staff and students who process personal data as part of their work, research or study at the University must comply with these principles.
Protocol and Project Modules 2010-2011

There are some exemptions in the Act that are relevant to the University. These include studies done for research, history and statistics where:

1) further processing can be carried out,
2) data may be kept indefinitely, and
3) subject access does not have to be given.

These apply where processing is exclusively for those purposes and does not support decisions relating to particular individuals and where the processing is done in such a way that it does not cause substantial damage or distress to any data subject.

More comprehensive guidance is provided by the University Data Protection web pages at: http://www.nottingham.ac.uk/dpa/

If you are a registered student and you or your supervisor cannot find relevant advice or guidance from the Data Protection Office web site or need to seek advice from within the University then you should contact the Data Protection Officer for the University, with details of your query.