Information Governance

Data Protection Officer

The GDPR requires that organisations have a designated Data Protection Officer, the University has appointed 'The Information Governance Manager' to this role.

Details on how to contact the DPO.

Compliance and RiskInformation GovernanceGDPR

GDPR

The General Data Protection Regulation is a law of the European Union which sets out the ways in which the personal data of individuals located in the EU and EEA must be handled. As a regulation the GDPR applies within the UK and is partnered by the Data Protection Act 2018 and will be written into UK law following the exit from the European Union.

Scope

GDPR - The GDPR applies to all data controllers and data processors located in the EU or EEA and to any organisation processing the data of any individuals located in the EU or EEA.

DPA2018 – The DPA provides the derogations in the GDPR that are relevant to local law, it also provides legislation on how personal data in relation to crime and justice data must be managed.

Key content

Accountability

Unlike previous data protection legislation, the GDPR requires that organisations demonstrate their compliance. This includes transparency when dealing with data subjects and ensuring that they are appropriately informed of the processing of their data.

Data Protection by Design

Organisations are required to ensure that data protection is considered during the design of systems and processes. At the University we have implemented a process for the completion of Data Protection Impact Assessments to allow the people in the business designing processes a toolkit for better understanding the personal data they are required to process, their reasoning and the associated risks.

Rights of the data subject

Under the GDPR data subjects have the following rights in relation to how organisations process their data.

  • The right to be informed
  • The right of access
  • The right to rectification
  • The right to erasure
  • The right to restrict processing
  • The right to data portability
  • The right to object
  • Rights in relation to automated decision making and profiling.

Individual’s requests to exercise these rights are coordinated by the IG office.

Data Protection Officer

The GDPR requires that organisations have a designated Data Protection Officer, The University has appointed The Information Governance Manager to this role. For details on how to contact the DPO please see the details on our website.

Data Protection Officer

The GDPR requires that organisations have a designated Data Protection Officer, the University has appointed 'The Information Governance Manager' to this role.

Details on how to contact the DPO.