The General Data Protection Regulation (GDPR) came into force on 25 May, providing each of us with new rights to control how organisations store and process our personal data.
The University GDPR Working Party has been updating existing – and introducing new – guidance documents, policies and procedures to enable the University to comply with requests for access to personal data held on individuals. A SharePoint site holds all the relevant GDPR documentation and can be accessed here.
Recently published policies include:
- An updated Data Protection Policy
- A Data Quality Policy
- Surveillance Systems Policy
- Records Management Policy
Recent guidance documents include:
- Record Retention Schedule
- Data Sharing protocol
- Using MailChimp
Plus an extensive set of Information Security ‘best practice’ guides and training materials. Staff are reminded to undertake the University’s Introduction to GDPR course, which can be accessed here. The documentation will be revised and added to over the coming months.
It must be remembered that the introduction of GDPR is just the start and all staff and students have an ongoing responsibility to safeguard the data held by the University. Professor Simon Cox, CIO and Chair of the GDPR Working Party reiterated:
“We take data protection and cyber-security very seriously and are committed to protecting personal data. We remain vigilant to the crucial issue of personal data storage and continue to work to ensure GDPR compliance is a robust part of the University’s every day processes”.
If you have any questions regarding GDPR please email the team via [email protected]