 
Sunday 21 July

Data Protection


The security of data is really important to us and with the introduction of the General Data Protection Regulation (GDPR) we want to make sure you know what these changes will mean to the way we collect, store and use data.
It’s our duty to maintain the privacy of our employees, students, customers and partners. And we are all responsible for achieving and sustaining compliance with this new legislation.

What is GDPR?

 

The General Data Protection Regulation (GDPR) replaces the Data Protection Act 1998.
The legislation aims to promote a more compliance-based approach to data protection, with an emphasis on transparency, accountability and data protection by default and design.

“As a result of these changes, future projects and our systems currently processing personal data will be subject to data privacy impact assessments.”

The focus has shifted away from enforcement against security breaches and data loss towards an overall compliance culture, requiring a more comprehensive framework of policies and procedures.

GDPR removes any ambiguity about who is responsible for privacy, making it clear that we are responsible for the data we hold. The regulator, the Information Commissioner’s Office (ICO), has increased powers to fine organisations up to 20m euros, or 4% of global turnover if the breach is particularly serious.

Some key points from the GDPR are:

  • There is a wider definition of personal data, including technical data such as location data and online identifiers (e.g. IP addresses).
  • New categories of sensitive personal data are added: genetic data and biometric data
  • There is a strong emphasis on accountability and transparency
  • Organisations need to maintain records of their data processing
  • There will be increased rights for data subjects
  • It specifies more detailed security requirements
  • There are increased controls on the use of third parties for processing of personal data
  • A Data Protection Officer must be appointed.

What do I need to do?

 

“Protect people’s privacy and data like it’s your own.”

We all need to make changes to everyday processes, and the in-house team has been put in place to provide advice, guidance, tools and templates to make sure your processes comply with the new legislation. These can be accessed from the left-hand menu.

Staff Training

You need to understand the new legislation so that you and your line manager can identify the changes you need to make in the way you collect, store and use data.

To help prepare you, a mandatory eLearning module, ‘Data Protection Essentials: General Data Protection Regulation edition’, has been developed, and all staff are automatically enrolled. You can access it at HR Online.

The focus is shifting away from enforcement against security breaches and data loss towards an overall compliance culture, requiring a more comprehensive framework of policies and procedures.

Further information and support

 

The Secretary and Clerk has overall responsibility for GDPR compliance; a small operational GDPR Action Party (GAP) reports to him as Chair of the Data Governance Steering Committee (DGSC). We are also working with around 30 Data Protection Champions from Faculties and Professional Services, including Faculty Business Managers. Together we’re taking forward GDPR implementation work across ARU. Your Dean or Director is responsible for assuring that policy and practice are applied effectively.

Your Faculty or Professional Services Data Champion is available for day-to-day enquiries in relation to records management and data protection, including GDPR.
For more complex enquiries and advice, please contact the Secretary & Clerk’s Office:

Helen Guy
Information Compliance Officer

x4234

foi@anglia.ac.uk
dpo@anglia.ac.uk

FOI enquiries
SAR & data protection administration

David Humphreys
Information Compliance Manager

x3696

dpo@anglia.ac.uk

Expert GDPR and data protection advice

Dawn Taylor
Head of Compliance & Risk

x3673

dawn.taylor@aru.ac.uk

Strategic and operational oversight of records management activities

Alex Lock
Compliance Manager (Systems & Data)

x2409

dawn.taylor@anglia.ac.uk

Website and Systems Queries/Advice

Further guidance on the GDPR can be found on the ICO website.

A copy of the regulation can be found on the EU website.