The General Data Protection Regulation (GDPR) comes into force on 25th May 2018 and will replace the Data Protection Act 1998 (DPA).
Further information about how to ensure compliance with GDPR can be found in the Staff Guidance on Data Protection booklet.
More practical advice about handling personal data is available in the Data Protection Do's and Don'ts Guide.
Data privacy should be considered as part of any project or activity which involves processing personal data, so that data protection is a key consideration from the outset. A Data Protection Impact Assessment (DPIA) can be used as a tool to assist with this process.
The Data Protection Principles will remain largely the same and the University will still need to ensure personal data is:
1. Obtained fairly & lawfully
2. Processed for specified & lawful purposes
3. Adequate, relevant and not excessive
4. Kept accurate and up to date
5. Kept no longer than necessary
6. Processed in accordance with the data subject’s rights
7. Kept safe & secure
8. Not transferred outside the EEA.
In addition to this, the GDPR will encourage a more proactive and documented approach to compliance. This means the University will have to keep records of the personal data it holds and how that data is processed. The University takes these statutory obligations seriously and will;
The University will continue to be regulated by the Information Commissioner's Office (ICO) with regard to data protection.
If you suspect there has been a breach, you must report it without delay to Itshelp@hope.ac.uk using the subject header: DATA BREACH
For further guidance on what you need to report and what to do if you discover a breach outside of core working hours, please see the University's GDPR Data Breach Procedure.
The University must report a breach of data to the Information Commissioner's Office within 72 hours of discovering the breach. DO NOT DELAY INFORMING THE UNIVERSITY IF YOU SUSPECT A BREACH.
Staff training to deal with the changes that the GDPR will bring will be available online from May 2018.
The Information Commissioner's Office (ICO) is the UK's independent authority set up to uphold information rights in the public interest and data privacy for individuals.
The ICO has a wide range of information available on GDPR, including 'Preparing for the General Data Protection Regulation: 12 Steps to Take Now'.
There are also toolkits available to help staff working with personal data: 'Think.Check.Share.' and 'Communicating the Importance of Information Security to Staff'.