The new General Data Protection Regulation (GDPR), designed to protect individual personal data, became law last week. A major project around this new legislation has been underway since last year, led by Anna Sendall, Director of Governance & Legal Services, and supported by Christine Cartwright, Head of Governance. The project has enabled us to take the opportunity to identify where all our data (not just personal data) is captured and stored.
Understanding and making better use of data can be a game-changer for institutions. I am very grateful to those of you who are now Data Stewards and are taking part in this data mapping exercise. In addition, we all need to take stock of how we deal with any personal data we are handling, as there is a much greater requirement on us as an organisation, and as individuals, to look after other people’s personal data. The recent substantial fine of around £100k levied by the Information Commissioner’s Office on a London-based University for a serious historical breach in releasing student information is a lesson for all Higher Education Providers.
GDPR is European legislation. It has been adopted by the UK, despite the vote to leave the EU, to allow the UK to take advantage of the Digital Single Market. The harmonising and strengthening of data protection rules is a major part of the EU’s ambition to grow its digital economy, making better use of innovative services such as big data and cloud computing. Understandably, the UK needs to be in a position to also be part of this economic development.
Please do stop and think about how you manage your data. Online training is available to all staff via Moodle,
and you can find further information about the College’s GDPR project here
Professor Paul Layzell