General Data Protection Regulation (GDPR)
The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 replacing the Data Protection Act 1998. The UK will also be subject to a separate Data Protection Bill that will legislate on areas outside of the GDPR and those areas where member states are required to implement their own law. Once passed this will become the Data Protection Act 2018.
The University creates, gathers, stores and processes large amounts of data on a variety of data subjects such as students, staff and customers. The University takes its responsibility seriously to ensure that data is secure and protected in line with the law.
The University has prepared a suite of documentation which explains how it processes personal data, how it is kept securely and which provides guidance to staff
GDPR Policy - The Policy sets out the responsibilities of the University, its staff and students to comply with the provisions of GDPR.
GDPR Guidance Handbook – provides information and guidance on different aspects of data protection and security.
Forms and Templates - including DPIA forms and templates for privacy notices
Privacy Notices – These notices explain for our main groups of data subject, what we do with their personal data, who we share their data with and how we keep it secure.
Online GDPR Training - Training course on GDPR that is part of the staff induction material
Data Classification and Handling Policy – This policy provides a framework for classifying and handling data to ensure that an appropriate degree of protection is applied to all data held by the University.