GDPR: One month to go

25 Apr 2018

Are you ready?

You will have heard of the new General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. The new law is all about person identifying information (PII) and the way that this is collected, stored and used by organisations, including us.

We have been preparing for this for some time and have been working with various parts of the University to ensure we are compliant. In addition to these specific areas of work, every member of staff has a personal responsibility to ensure that they are complaint with the new legislation.

You will soon be asked to confirm that you are aware of your responsibilities.

What do I need to do?

Data Protection training - Every member of staff is required to complete the Data Protection training course every two years. This is MANDATORY.
Check (and delete/shred where required) the files and documents you store - Every member of staff must check what files or documents (containing PII) they store on their computer or anywhere else, including email, or as a physical paper copy, and only keep it according to the Records Retention Schedule – the retention period varies for each type of PII.
Report data protection incidents immediately - Every member of staff must familiarise themselves with the reporting procedure for data breaches and report any breach as soon as it is discovered.
Complete the PII Survey (For Academic staff only) - Academic staff will be required to complete a brief survey focusing on the types of PII they hold and where this is held. This is because under GDPR we are required to maintain records of all the PII we hold. If you have collected PII as part of research that is already recorded in data management plans and the ethics application process, then you do not need to complete this survey. If you work in the Professional Support Services this work has already been completed.

For further guidance, read our handy five minute guide or visit the GDPR pages on StaffNet.