The security of data is really important to us and, with the introduction of the General Data Protection Regulation (GDPR), we want to make sure you know what these changes will mean to the way we collect, store and use data.
It’s our duty to maintain the privacy of our employees, students, customers and partners. And we are all responsible for achieving and sustaining compliance with this new legislation.
The General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998. The legislation aims to promote a more compliance-based approach to data protection, with an emphasis on transparency, accountability and data protection by default and design.
The focus has shifted away from enforcement against security breaches and data loss towards an overall compliance culture, requiring a more comprehensive framework of policies and procedures.
The six principles of GDPR:
GDPR removes any ambiguity about who is responsible for privacy, making it clear that we are responsible for the data we hold. The regulator, the Information Commissioner’s Office (ICO), has increased powers to fine organisations up to €20m, or 4% of global turnover if the breach is particularly serious.
Some key points from the GDPR are:
We all need to make changes to everyday processes, and the in-house team has been put in place to provide advice, guidance, tools and templates to make sure your processes comply with the new legislation. These can be accessed from the left-hand menu.
You need to understand the new legislation so that you and your line manager can identify the changes you need to make in the way you collect, store and use data.
To help you prepare, a mandatory eLearning module, ‘Data Protection Essentials: General Data Protection Regulation edition’, has been developed, and all staff are automatically enrolled. You can access it at HR Online.
The focus is shifting away from enforcement against security breaches and data loss towards an overall compliance culture, requiring a more comprehensive framework of policies and procedures.
The Secretary and Clerk has overall responsibility for GDPR compliance; a small operational GDPR Action Party (GAP) reports to him as Chair of the Data Governance Steering Committee (DGSC). We are also working with around 30 Data Protection Champions from Faculties and Professional Services, including Faculty Business Managers. Together we’re taking forward GDPR implementation work across ARU. Your Dean or Director is responsible for assuring that policy and practice are applied effectively.
Your Faculty or Professional Services Data Champion is available for day-to-day enquiries in relation to records management and data protection, including GDPR.
For more complex enquiries and advice, please contact the Secretary & Clerk’s Office:
Helen Guy – Information Compliance Officer: firstname.lastname@example.org, email@example.com
David Humphreys – Information Compliance Manager: firstname.lastname@example.org
Dawn Taylor – Head of Compliance & Risk: email@example.com
Alex Lock – Compliance Manager (Systems & Data): firstname.lastname@example.org
Further guidance on the GDPR can be found on the ICO website.
A copy of the regulation can be found on the EU website.