The General Data Protection Regulation (GDPR) becomes law in the UK this May.
Despite the vote to leave the European Union, the Government has confirmed that they will adopt the GDPR, which will therefore be law in the UK from 25 May 2018.
How does it affect learning and teaching?
Well, all members of University staff have certain responsibilities under our Data Protection Policy to:
- be aware of the Data Protection Act (and therefore GDPR) and what it means to the University
- follow the policy and procedures for handling personal data
- consult with the Information Security Officer (Compliance) for advice and guidance when necessary
Wherever personal data is held about anyone, staff, students, visitors etc. there is a legal requirement to comply with the regulation.
The University takes it’s responsibilities for GDPR seriously, and has a number of Information Security Officers who deal with compliance, but there are local requirements and schools and units should familiarise themselves with the changes.
Newcastle University IT service (NUIT) has put together some brief guidance on how the GDPR affects schools, some Dos and Don’ts and some useful links to further guidance from the Information Commissioner’s Office (ICO) and the regulation itself on the EU website.
There is a Brief Update and Guidance (PDF) from the Registrar.
How can I find out more?
- The University of Groningen has produced a free online course on Understanding the General Data Protection Regulation.
- The Jisc has a free online webinar on 16 March 2018: GDPR: into practice – online briefing. Essential steps in your GDPR process which has an associated set of resources.
- The ICO’s 12 Steps to Take Now is a free PDF which lays out briefly the changes and what you need to do about it.
- Read the NUIT pages on Data Protection Information for Staff, including the GDPR pages.
- If you need further information or guidance contact the Newcastle University Information Security Officers.