What’s changing with GDPR?
The General Data Protection Regulation (GDPR) comes into effect on the 25th May and this will affect the way we protect, collect, store and use personal data. Detailed below are the key changes and what SHU is doing to make sure we are ready:
– We need to be clear on the personal information we hold and how we use it
We’re currently compiling a register of all personal information held by the University
– People whose data we hold will have more rights concerning how this is used, their access to it and, in some cases, may choose to amend or even remove data from our records should they wish
We will need be more accountable for why we are holding it and respond to requests faster and at no extra charge. We’re re-writing privacy notices to better inform students and staff on what data we hold, who we share it with, how we use it and why. We’re reviewing policies and procedures and will produce guidance for our staff in how to handle these requests for information
– Under GDPR, fines have increased to a maximum of €20M, we have greater security obligations and we are required to report high-risk security breaches to the Information Commissioner within 72 hours of discovery
In order to manage this increased level of risk, we are working with DTS to review and improve our data security. Whilst our breach management procedures are robust, we are also currently reviewing them to include the new reporting requirements. Again, guidance for staff will be produced on this before GDPR comes into force.