Having joined the University as the new Head of the Data Protection/Data Protection Office (DPO) in May 2022, this is the first of my termly data protection newsletters. I hope you find the updates and news stories useful!
Sharing personal data in an emergency – a guide for universities and colleges
On the 22 September, during our Welcome Week, the Information Commissioner’s Office (ICO) published a timely reminder of how we can legitimately use personal data to support our students in an emergency situation:
“The new academic year in HE and FE is approaching, which is a good opportunity to remind everyone in universities and colleges that they should not hesitate to share students’ personal data to prevent serious harm to the physical or mental wellbeing of a student in an emergency situation, or protect a life. Data protection law allows this, and you won’t get into trouble if you share information with someone who is in a position to help a student at risk.” Blog: Sharing personal data in an emergency – a guide for universities and colleges | ICO
Updated Data Protection Policies
The University’s data protection, data breach and data subject rights policies have been updated to reflect current data protection requirements and safeguards.
Please read the policies so that you are confident that you are using data lawfully in your role.
These policies help you do the right thing when you are:
- using personal data
- responding to requests for personal data
- reporting a data breach or data security incident
- contracting with other organisations who use personal data on the University’s behalf
- handling particularly sensitive data such as allegations or reports of criminal activities.
Mandatory Data Protection Training
All staff are required to complete mandatory training modules including one that covers data protection, freedom of information and records management during their induction.
To ensure that knowledge of data protection is maintained, all staff are required to retake this module every two years. This will provide you with the confidence that you are processing personal data in a secure and legally compliant way; and allows the University to demonstrate that it is complying with its legal requirement to only have trained staff processing personal data.
If you haven’t revisited this module in the past two years, please do log on as soon as possible and complete it.
New Communication Channels
Finally, we are excited to announce the launch of our new Assurance and Data Protection webpages and SharePoint site. This should be your first port of call for anything data protection, freedom of information or records management related. Do check them out and let us know what you think!
If you have any questions not answered on the Assurance and Data Protection sites, or if you need further support and guidance please do get in touch with the team by emailing email@example.com.
Head of Data Protection / Data Protection Officer (DPO)