Training and support
OneTrust is a new online system that forms a significant part of our GDPR programme of improvements, making it quicker, simpler and easier for employees to comply with GDPR and manage information risk. The Information Governance Office has run a series of briefing sessions for staff to explain what it is and when it should be used. If you missed a session and would like more information, please contact us.
The primary role of the Information Governance Guardian (IGG) is to provide assurance to the Dean, Head of School or Director regarding local compliance with the Data Protection Policy and associated procedures. The IGG is also accountable to the University’s Head of Information Governance. The IGG will normally be a senior member of the Professional Support Services and will be supported by an Information Governance Officer for matters relating to issues of data protection and information security.
IGGs' responsibilities include:
- Ensure all staff and management are aware of the latest Policies, SOPs and Standards by cascading messages sent through the network, as well as appropriate articles published in newsletters, when prompted by the IGO.
- Ensure awareness campaigns are fully executed and all staff receive the required training. This involves cascading guidance, providing information, advertising forums/events/workshops and monitoring training completion rates, through the network of Information Governance Coordinators (IGCs) and according to the annual plan.
- Ensure the Information Asset Register (IAR) for the area of guardianship is developed, accurate and up-to-date, especially for critical and higher classified information assets. This may require input from the network of IGCs before being collated and returned to the IGO. The relevant IAR will require annual review.
- With the support of the IGO, ensure all staff under the area of guardianship are aware of the information governance tools available and assist in answering initial queries arising out of new processes / projects / initiatives / third parties requiring risk assessment (including Data Protection Impact Assessments). This will be required as and when the IGG is made aware of such projects.
- When informed of information security incidents, data protection incidents, exceptions and risks, ensure they are captured, recorded and communicated in a timely manner and according to the relevant systems (currently under development) and assist in implementing any resulting recommendations.
- Ensure good secure house-keeping practice is performed and maintained throughout the area of guardianship by ensuring there is an annual audit programme in place, through the relevant IGCs, and subsequent submission of an overarching annual audit report by the IGG to the IGO.
- Ensure the information governance maturity metrics are implemented, measured and reported quarterly (using the red-amber-green-blue system), and undertake any resulting recommendations.
- Where required, ensure that Information Governance Coordinators are nominated and trained for each functional area.
- Provide management reports on the information governance status and maturity metrics to the local leadership team.
- Pursue the adoption of Information Security, Data Protection, Records Management and Business Continuity best practice.
- Contribute to the development of Information Governance strategy and planning.
- If the IGG will no longer be able to fulfil this role (e.g. if they are planning to leave the University), they must inform their line manager and ask them to find a replacement. The IGGN chair should also be made aware so that they can ensure that a suitable replacement is nominated in a timely manner.
Who is my Information Governance Guardian?
This document requires CAS authentication.
Online data protection course (TBF26)
We are all responsible for protecting the personal data which individuals have entrusted to the University. Failure to do so can result in significant harm and distress to the individuals whose data we hold, and damage to the University's reputation. The course is mandatory for all staff with an active IT account, and must be completed every 2 years.
The course details can be found in the University’s Training Catalogue.
The aim of the course is to provide a basic understanding of data protection legislation so that we can exercise our responsibility for protecting the rights and privacy of individuals when handling personal data.
The course is included on the Induction Checklist for New and Transferring Staff.
A copy of the course transcript is available from the Resources tab in the Training Catalogue.