The University has issued guidance to help institutions comply with the GDPR, a new data protection law that comes into force in May 2018.
A toolkit has been designed to assist University institutions in implementing their preparations for the General Data Protection Regulation (GDPR). It has been issued by the University’s GDPR Data Protection Working Group, which is chaired by the Registrary. The toolkit contains a checklist of actions that institutions will need to complete in order to comply with the new law. Information about the toolkit has been sent out directly to relevant officers in Schools and Non-School Institutions, and is also available to download here (Raven login required).
The GDPR is a new law that will apply from 25 May 2018 and will replace the Data Protection Act 1998. The GDPR requires the University, both centrally and within institutions, to make a number of changes in how we collect, hold and use information about living identifiable individuals (whether they are applicants, students, alumni, staff, research participants, visitors, and so on). The changes we need to make are not optional – they are requirements to ensure that the University complies with the new law.
Departmental Administrators (or equivalents) are asked to:
(a) work through the actions in the toolkit, for which assistance will be provided (see below). You may also wish to seek the help of a small group of relevant colleagues including your Computer Officer (or equivalent); and
(b) return a completed copy of the checklist to James Knapton, the Information Compliance Officer by Friday 4 May 2018.
Further communications and reminders will be sent over the next few months.
To assist Departmental Administrators and others, two (identical) GDPR Toolkit Workshops have been scheduled as follows:
- Wednesday 6 December 2017, 2pm–4pm, the Council Room, the Old Schools
- Thursday 7 December 2017, 10am–12 noon the Council Room, the Old Schools.
Please email James Knapton if you would like to attend on one of these dates; a confirmation and further details for attendees will follow shortly beforehand. If there is significant demand, further workshops will be convened later in December and/or early 2018 as necessary.
Further information about the GDPR and the University’s data protection working group is available here (Raven login required).
For any further questions, please contact James Knapton in the Information Compliance Office.