IS Applications & GDPR

The impact of forthcoming changes to Data Protection legislation on IS Applications and our partners

The Data Protection Act of 1998 will be superseded by the introduction of the General Data Protection Regulation (GDPR) on 25th May 2018.

There are some similarities between the two but there are some important changes, obviously, and we have recently started work in IS Applications on what we need to do to support the University ahead of the implementation of GDPR to ensure that we all comply with the new legislation as far as possible.

First, we have our general GDPR project (ISG006) to work with the University's recently appointed Data Protection Officer (DPO) - Rena Gertz - on ensuring that information about GDPR is available to all staff, students and public through the Records Management web pages, and that all support material and documentation is available to these audiences. This project will also establish a working group across the Information Services Group to make sure that the divisions within ISG are up to date with what needs to be done by each of them. A Sharepoint site will also be developed to support this group in its work.

There is also a project related to this one that will oversee the acquisition of a Privacy Impact Assessment tool to assist the DPO in her rollout of material in preparation of GDPR . This is project STU257.

Finally, there is also a GDPR project for Student Systems - SAC064 - which will address any immediate concerns to enable the University to demonstrate that Student Systems are in compliance with GDPR. There have been a number of preliminary discussions with the DPO and Records Management to identify the likely scope for this project. The scope and deliverables will be reviewed after the Foundation stage when the requirements identified will be prioritised and  the project will be re-planned and re-estimated.

Please contact the project manager on any of the individual projects above for any further information.