Countdown to GDPR
13 March 2018
On 25 May 2018 the law on data protection will change when the General Data Protection Regulation (GDPR) comes into force.
Since October 2017, the GDPR Steering Group, which is made up of colleagues from across the University, has been meeting to monitor our progress towards compliance across our Schools and Services and to make sure that we’re ready and prepared for the new requirements.
To ensure that we understand our obligations under the law, we’ll all be required to complete a short online training module, which will be rolled out over the next few months.
In addition to this, some staff (approximately 600) will be required to attend a more in depth, face to face, training session. If your manager has identified you as one of those colleagues, Governance & Legal Services will contact you with details of how to book a place at a session.
The main changes are:
- Enhanced rights for individuals, including the “right to be forgotten”
- Stricter requirements for obtaining consent
- The university must be able to evidence more fully that it complies with the law
- 72-hour limit in which to notify the Information Commissioner’s Office of a breach in certain circumstances
- Penalties for a breach have been increased and now include fines of up to €20 million or 4% of global turnover
For details about what GDPR will mean for us, please visit the GDPR web pages.
We’ll be adding to the guidance in the coming months and will let you know how we’re progressing towards compliance through updates in the Staff Bulletin.
If you have any questions about GDPR, please contact your representative on the Steering Group in the first instance. You can also get in touch with Governance & Legal Services for advice at: firstname.lastname@example.org.