The General Data Protection Regulations (GDPR) will be incorporated into the new Data Protction law in the UK in May 2018. The new law will impact on some data collection, use and storage practices across the institution. The University has developed a Compliance Plan which is being overseen by the University’s Information Protection Group and implemented by a sub-group comprising representation from the Secretariat, IT, the Student Education Service, Human Resources, the research community and the Library. For most staff, changes brought about by the new Regulations will not be significant. More information will be provided on this page and further briefings will follow through relevant channels.
The main elements of the Compliance Plan include:
- Generating a comprehensive record and understanding of the personal data the University holds.
- Ensuring all staff and students understand how to collect, use and store personal data according to the new Regulations.
- Ensuring that the people whose data we collect know their rights, and are confident that we are using their data responsibly and within the confines of the law.
- Ensuring that we are able to respond efficiently to requests from individuals whose data we hold.
- Developing a rapid and effective process to respond to any loss of personal data.
- Building in protection so that compliancy with the Regulations is “designed in”.
Further training on the new regulations will be provided in due course. In the meantime, data protection training relating to research will continue to be provided through ODPL, and all staff are required to complete the compulsory online information security essentials training.