skip to content
 

The following message was sent by the Acting Registrary on 9 May, 2017.

To: Heads of Council Institutions; Administrators Council Institutions; Heads of Schools; Secretaries of Schools; Heads of GB Departments; Administrators GB Departments; Chairs of Faculty Boards; Secretaries of Faculty Boards.

Dear Colleagues,

I am writing to inform you about forthcoming changes to data protection law and the University’s plans to address them. I would encourage you to share this information with your staff as necessary. These changes will affect organisations in all sectors, both public and private, across all countries in the EU, including the UK. The changes will have a wide-ranging impact on how all organisations, including the University, can hold and use information about living identifiable individuals.

The changes arise from the implementation of the General Data Protection Regulation (GDPR). The GDPR will apply from 25 May 2018 and will replace the Data Protection Act 1998 (DPA). Like the DPA, the GDPR sets out rules and standards about how organisations can use information relating to living identifiable individuals. The GDPR’s rules and standards are based around existing concepts of data protection principles and individual rights. However, the GDPR is more prescriptive than the DPA in describing how organisations should implement the principles – and how they should demonstrate that they are doing so. All areas of the University use different types of information about numerous categories of individual (for example, applicants, students, alumni, staff, research subjects, members of the public) in multiple ways. The GDPR therefore will affect many areas of University activity.

The University has established a GDPR Data Protection Working Group, chaired by the Acting Registrary, to work on and oversee the University’s preparations for the GDPR. As well as members from various offices of the UAS, UIS and the University Library, the group includes representatives from the Office of Intercollegiate Services, Cambridge Assessment and Cambridge University Press to ensure a coordinated approach to the implementation of the changes across collegiate Cambridge.

As well as considering and managing the necessary changes to central policies and processes, the working group is creating guidance in relation to changes that might need to be implemented locally by Schools, Faculties, Departments and other University Institutions. A new online training course for all staff will also be created and launched later in the year.

I hope to be in touch again in the autumn to alert you to further guidance materials and to the training course, and we also plan to arrange meetings to raise awareness and address queries. In the meantime, questions may be addressed to data.protection@admin.cam.ac.uk.

Emma Rampton
Acting Registrary

 

Published

09 May 2017

Image