Iron Rule 5 | Data Protection Legislation & Your Legal and Ethical Responsibilities

To understand how to handle personal data, see our Data Protection Policy.

LSE, and therefore everyone who is part of its community, has a responsibility to abide by and adhere to all current UK and EU legislation.

This includes the responsibility to process personal data in accordance with the UK General Data Protection Regulation (GDPR) and the Data Protection Act 2018

In relation to your personal data this means:

  • We will process your personal data in line with the School’s privacy notices (follow the link, the section on privacy notices is at the bottom of the page).
  • You will be able to request personal data relating to yourself and to have personal data corrected and in some situations deleted. 
  • Your personal data will be kept securely. If you believe a breach of your personal data has occurred, please contact the Data Protection Officer Rachael Maguire using 

In relation to personal data processed for your studies/work, this means:

  • You should encrypt or at the very least password/passcode protect your devices you use for your coursework and research. 
  • You should inform any research subjects about where personal data about them will be stored, what it will be used for and how long it will be kept. 
  • If you are using a transcriber for interviews, you will need to tell them how to keep the data secure. The Data Protection Officer can provide a sample contract for this. 

Further guidance is available here: 

Relevant laws to be aware of include:

Your responsibilities  

Remember - do not post or publish anything that could be offensive or bring LSE into disrepute.

Remember - that emails or documents containing personal data may be requested by the individual concerned as a Subject Access Request under the GDPR.

Remember - you are responsible for the usage of LSE IT facilities and data. The School reserves the right to monitor your use of IT facilities.