Cookies on this website

We use cookies to ensure that we give you the best experience on our website. If you click 'Accept all cookies' we'll assume that you are happy to receive all cookies and you won't see this message again. If you click 'Reject all non-essential cookies' only necessary cookies providing core functionality such as security, network management, and accessibility will be enabled. Click 'Find out more' for information on how to change your cookie settings.

As a reminder, the Nuffield Department of Primary Care Health Sciences (the Department) takes data protection and privacy seriously. We are all responsible for knowing and understanding the Information Governance (IG) requirements, which pertain to our jobs every day. 

In support of this commitment, the Department has appointed several individuals to help promote and monitor compliance with IG requirements.  These include:


  • Nicola Small (the Senior Information Risk Officer);
  • John Briggs (IT/IG Head); and
  • Phil Nieri (IG Manager).


In addition to these individuals, the University Information Compliance Team (ICT) is always available to assist with data protection and privacy issues/concerns. 

  • ICT provides an advisory service, supporting data protection and privacy work across the University. They review reported security incidents and breaches and process Freedom of Information requests. They can also help provide guidance on the University’s data protection by design review requirements for new and existing Department research projects.
  • The ICT also exists to help manage risk associated with the data processing, which the Department undertakes, and supports the Department with discharging its responsibility under the University data protection policy, which states:

Heads of Department [or equivalent] are responsible for ensuring that the processing of personal data in their respective Departments conforms to the requirements of data privacy legislation…”

The risk of harm to people posed by data breaches is significant. Such breaches also subject the University to reputational harm and regulatory fines and penalties. The Information Commissioner’s Office (ICO) has broad powers with the ability to levy fines of up to 4% of the University turnover. The ICO has the authority to order Departments, or the entire University, to stop processing personal data altogether.

On behalf of Richard Hobbs, Head of Department, we appreciate your ongoing support with helping to prevent breaches form occurring and reducing the risk they pose.

If you have any questions please email them to the Department Data Security mailbox ( You may also contact the ICT Team at this address:


Thanks in advance for your continued support.

Nicola Small

Senior Information Risk Officer

Head of Administration and Finance