Data protection guidance for advisers

During the application process, you will be processing the personal data of your students. You are responsible for the correct handling of this data as set out in the Data Protection Act (2018).

Looking after your Apply for advisers sign in details

To guarantee the security of your applicants’ data, please change the password provided after your initial set up. Make sure your new password is unique but memorable, as we will not be able to verify this once you have changed it. We would recommend that a strong password would contain at least eight characters, which includes upper and lower case letters, a number, and other characters.

Please do not share your sign in details. If another member of staff requires access to the system, please direct them to your UCAS Correspondent to be set up as a user in their own right.

Setting up groups

Users should be given access to the appropriate level of data they need in order to conduct the duties of their role. Setting up the appropriate groupings in your centre’s system will assist with this, making sure staff can only access the data of the students they are supporting.

Information sharing

The personal data stored in the system should not be shared with other centres. An individual’s choice of where to apply should be confidential to them. The system should not be used to discuss this.

The personal data is gathered for the application process and should not be used for any other purpose without the consent of the individual.

Hard copies

Please do not print personal data unless there is no other option. If you need to print any personal data from the system, you need to ensure the handling of this data is secure. For example:

  • Do not leave the data in any open areas where it may be seen by third parties.
  • Do not take the data out of your centre if at all possible. This will ensure there are no issues of loss in transit.
  • Do not leave hard copy data in vehicles or have it on view on public transport, if you do have to take it outside of the centre. Please use a secure method of transportation, such as a locked briefcase.
  • Do store hard copy data securely. If this data is to be kept in hard copy form, it should be securely stored. We would advise a ‘double lock’ approach, where by it is kept in a locked drawer in a locked room.
  • Do not keep hard copy data for longer than it is needed. Please refer to your centre’s retention policy and ensure this is enforced.
  • Do ensure that it is confidentially destroyed when you have finished using it.
  • Do not allow others to see this data if they would not be able to access it via the system.

Inappropriate use of the system

Accessing personal data, where you do not have a legitimate reason to do so, is a breach of the DPA.

Please do not look at students details that you are not supporting. This includes students you are related to or know in a non-professional capacity.

Subject access requests

If a student requests access to any of their personal data, you should action this in line with your own data protection policy and processes.