GDPR one year on
28 May 2019
A message from Tony Brown, Head of Information Governance
It’s one year since the General Data Protection Regulation (GDPR) and the Data Protection Act 2018 came into force, introducing new personal data rights for individuals.
GDPR has brought new requirements for us all in relation to the large amounts of personal data that we hold and process about our current and prospective students, employees, alumni, contractors, research participants, people taking part in widening participation activities and many other individuals.
Over the past year, the Information Governance Office has worked with our Information Governance Guardian Networks, to ensure that we are all compliant with GDPR. We have:
- Increased the number of staff who have completed data protection training from 48% to 93%
- Developed a register of information assets and processing activities across the University
- Published seven new central privacy notices covering how we collect, use and share personal data
- Created new Information Governance StaffNet pages containing guidance, Policies and Standard Operating Procedures
- Revised and communicated our Records Retention policy and schedule
- Used the Information Governance Risk Review process to manage personal data risks in over 170 projects; ranging from equipment for teaching in optometry clinics to the development of mobile applications used in research projects.
- Implemented new data management plans with research ethics and the library to embed GDPR requirements into the ethics application process, without adding another Information Governance process for researchers
- Held over 100 awareness, guidance or training sessions on GDPR at locations across the University
In July 2019 we’ll be introducing a new online system called OneTrust. This GDPR compliance and information risk portal will make it quicker, simpler and easier for you to comply with GDPR and manage information risks.
We will share more information about OneTrust with you in due course. In the meantime, thank you for your continuing support, which is key to fulfilling our GDPR responsibilities.
If you have any queries regarding GDPR please do get in touch.
Head of Information Governance