Institution can access my email (inbox/sent items/etc) and edit it? [migrated]

First of all, I have thoroughly read the answers to the following questions and none of them answer my queries:

  • Can Google Chrome read/scan my ProtonMail inbox page?
  • Can my IT department read my Google Hangouts chats while at work?
  • Does company email can access hangouts and private emails?

I am a student at one of the highest ranking universities of the UK (even though I avoid giving much credence to rankings). A couple of days ago, someone found a way to send emails to every single student, masquerading as the Vice Chancellor (the emails appeared to be from his own university email address).

The email body was basically a silly hoax, appearing to have been executed by teenagers (“Dear students, just got off the phone with the prime minister, the University of [censored] will close indefinitely, exams are cancelled, go out and party, etc“).

The same day after a few hours, all the received emails had been deleted from all of our inboxes; a few people had replied to that email though and still had the original ‘hoax’ email. The next day, the email they had sent was deleted as well.


The University evidently has access to our email accounts, but:

  1. Are they allowed to Access/View/Edit out accounts?
  2. Is this legal?
  3. Do I have any say in it? As in, can I refuse using the University email for any type of correspondence and can I demand that they contact me only through my personal email address? If not, is there any way I can preserve my privacy?
  4. If this was not disclosed clearly to any form of “Terms & Conditions” that I agree to by studying here, then what are my rights?
  5. Does GDPR have any effect here, or is the university allowed to do whatever they feel like?
  6. What else do they possibly have access to?

The university uses Office365 (Outlook).