What is happening?
Data protection law governs the rights of individuals, and the responsibilities of organisations, relating to privacy. The current Data Protection Act 1998, on which the University’s data protection policy and procedures are based, is being replaced, from 25 May 2018, with two new pieces of legislation: the General Data Protection Regulation (EU) 2016/679 (commonly referred to as “GDPR”), and a new General Data Protection Act 2018, which is currently going through the UK parliamentary approval process.
The changes in data protection law aim to give individuals more control over the information that organisations hold about them and to create a consistent approach to data protection across the EU.
Much of the existing data protection law, and how it affects us and our work at the University, is not changing. There are, however, some key changes that you need to know about:
The University has established a working group to manage the implementation of GDPR following an agreed action plan. The group reports to the University’s Senior Management Team. Work has been carried out to assess the personal data processed by the University and what systems and processes may need to be changed as a result of this process.
Further guidance and information will be published over the next few weeks on these pages.
Each School and Service has nominated a Data Protection Champion to raise awareness of Data Protection and Information Security responsibilities and be the initial DP contact within their School/Service. Details of the Data Protection Champion for each School and Service will be published here soon.
What do I need to do?
There are things that you can do now to help to ensure that we are compliant.
One of the underlying principles of the legislation is that privacy of individuals’ information is designed into our everyday working practices by default. Set out below are some key rules for you to consider in the context of your day-to-day work at the University:
1. Keep personal data secure
• Don’t share your password
• Lock your computer/laptop/tablet whenever you leave it
• Lock away your papers when you are away from your desk
• Don’t work with personal data on unencrypted devices
• Consider putting systems in place to ensure that only those that need to have access to personal data can access it
2. Only keep personal data that you need and don’t keep it for longer than needed
• Review your records to check whether you need to keep what you have.
• Regularly delete emails that you don’t need to keep.
• Follow the University retention schedule
Our Records Management pages contain further information and guidance to assist you.
3. Be aware when sharing personal data
4. Tell us if personal data is deleted, lost, stolen or shared by mistake
Visit this site regularly to check for updates; these will also be highlighted in Staff News and via your Data Protection Champion.