As mentioned in the e-bulletin in previous weeks the General Data Protection Regulation (GDPR) makes some important changes about how the University processes the personal data we hold.
One of these changes is a duty on all organisations, including the University to report certain types of personal data breach to the relevant supervisory authority. Normally this should be within 72 hours of the University becoming aware of the breach.
To make sure we can respond appropriately to any data breach, including meeting the new reporting requirements, the University has in place a data breach procedure. You can find out more about what a data breach is and see a copy of our data breach procedure on the Legal Services intranet page found here.
Another change is the introduction of a legal requirement for public authorities to appoint a Data Protection Officer (DPO). Under the GDPR the DPO is responsible for:-
- Informing and advising the University and its employees about their obligations to comply with the GDPR and other data protection laws.
- Monitoring compliance with the GDPR and other data protection laws, including managing internal data protection activities, advising on data protection impact assessments; training staff and conducting internal audits.
- Being the first point of contact for supervisory authorities and for individuals whose data is processed (employees, students etc.).
The DPO appointed by the University is Emma Cuckow, the University Solicitor. She can be contacted directly or via the data protection e-mail address (email@example.com).