Imagine this: You’re starting a new project at the University, maybe it’s a research initiative, a departmental review, or planning a team lunch. At the heart of your work lies data, the facts and figures that will drive decisions, inform insights, and shape outcomes. But before you dive in, how can you ensure your data is accurate, compliant, and ready to work for you?

The first part of the Data and Information Management Guide, “Creating, Collecting, and Classifying” provides tips for effective data management from the start.

Here’s what you need to know.

Start with the Basics

Before collecting or creating any data, you need to understand your responsibilities. The Data Protection Act 2018 sets out seven principles that apply to all data collection and use: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability.

For personal data, the stakes are higher. You must:

• Have a lawful basis for processing.
• Inform data subjects of your purpose.
• Collect only the minimum data needed.
• Check reuse permissions when working with data you didn’t collect yourself.

Classify, Classify, Classify

Not all data is created equal: some require tighter security. Our Information Classification Framework  categorises data and information into three levels:

• Highly Restricted
• Restricted
• Internal

Please note work is ongoing in the Cyber Security team across 2025 to update this policy. This blog post and associated links will be updated accordingly.

Planning for Successful Research Projects

Researchers should know that creating data often begins with a Data Management Plan (DMP). This is more than a checklist, it’s a roadmap for managing your data and information throughout the project lifecycle.

Data and Information Matters

Properly creating, collecting, and classifying data isn’t just about compliance, it’s about ensuring data is reliable, secure, and usable for its intended purpose. Whether you’re protecting sensitive personal information or laying the groundwork for collaborative research, these practices save time, reduce risk, and build trust in the university’s data estate.

If you’re ready to apply these principles to your data and information, think about how you currently create, collect and classify data. Are there gaps? Do you have more data than is necessary? Are there opportunities to streamline? Together, we can build a culture of confident and effective data use across our institution.

Our next blog post will be on Storing Data and Information.