You will have heard of the new General Data Protection Regulation (GDPR), which comes into force on 25 May, 2018. The new law is all about Person Identifying Information (PII) and the way that this is collected, stored and used by organisations, including us.
Every member of staff has a personal responsibility to ensure that they are compliant with the new legislation.
What do you need to do?
Data Protection training
Every member of staff is required to complete the Data Protection training course every two years. This is MANDATORY.
Check and delete or shred the files and documents containing PII that are held beyond the stated retention period
Every member of staff must check what files or documents (containing PII) they store on their computer or anywhere else, including email, or as a physical paper copy, and keep them only in accordance with the Records Retention Schedule. The retention period varies for each type of PII.
Report data protection incidents immediately
Every member of staff must familiarise themselves with the reporting procedure for data breaches and report any breach as soon as it is discovered.
Complete the PII Survey (For Academic staff only)
Academic staff will have to complete a brief survey focusing on the types of PII they hold and where this is held. This is because, under GDPR, the University is required to maintain records of all the PII held. If you have collected PII as part of research that is already recorded in data management plans and the ethics application process, then you do not need to refer to this information in this survey. If you work in the Professional Support Services, this work has already been completed.