Information Governance and Security
Data Protection
If you're dealing with Personal Data (if in doubt, see the definitions below), you need to be aware of the requirements and guidance on how to deal with that data legally whilst protecting the privacy of the people who entrust their data to us (our staff, students, visitors, alumni, customers and so on).
If you have a specific information role (e.g. SIRO, Information Asset Owner, Information Manager / Administrator etc.), you also have your own specific toolkit page, accessible from the Toolkit link on the left-hand pane.
Use the following links to access data protection guidance (please note these guides are still being further developed):
Conditions for Processing
Detailed guidance on how to decide on the correct 'Condition for Processing' under GDPR
Data Subject Consent
Detailed guidance on how to obtain and record consent to process personal data under GDPR
Detailed guidance on drafting Privacy Notices as part of complying with transparency requirements under GDPR
Anonymisation / Pseudonymisation
Detailed guidance on how and when to anonymise or pseudonymise personal data
Data Protection 15min Toolkit
Sources of help
Data Protection Officer
Clare Stevenson (Solicitor – Head of Legal and Information Compliance)
Contact the DPO for:
- Information and advice regarding our obligations under the GDPR and other data protection provisions (e.g. PECR).
- Queries and information on data protection staff training and data protection auditing.
- Advice on data protection impact assessments (DPIA)
- Advice on seeking prior consultation or breach notification with the Information Commissioner's Office (ICO)
Information Security Manager
The role of the Information Security Manager is …
Contact the Information Security Manager for:
- Advice on Information Security policy or guidance
- To report information security concerns/issues
- Advice on risk assessments (information security) and measures to reduce risk
Information Support Officer
Contact the Information Support Officer for:
- Any queries regarding data subject rights – e.g. Subject Access Rights
- Freedom of Information Requests
- Requests for information about our data subjects (e.g. students, employees, visitors etc.) from third parties (e.g. the Police, tax authorities, parents, spouses etc.)
Senior Information Risk Owner (SIRO)
Dr Helen Galbraith (Academic Registrar & Director of SAS)
The University’s SIRO …
Contact the SIRO for:
- Highlighting high risk issues with information processing activities;
Information Asset Owners (IAO)
Each Director or Dean is the responsible Information Asset Owner for the data within their respective directorate/faculty. They hold responsibility for ensuring compliance with information security and data protection requirements for their data.
Contact your IAO for:
- Any compliance issue related to data in the respective directorate/faculty
Information Asset Manager / Information Asset Administrator
Every information asset will be assigned a specific ‘Manager’ who is responsible for the day-to-day management of that asset and who will control its use, and how and if that asset is shared, stored, accessed and deleted. Refer to the relevant Information Asset Register entry to identify the appropriate Manager or Administrator.
Information Managers may also be assisted by Information Asset Administrators who are delegated many of the day-to-day tasks.
It is likely that most of the people referring to this guide will be Information Asset Managers or Information Asset Administrators. If that is you, it is crucial that you have a good understanding of the principles of data protection, as you are the first line of defence in making sure we can effectively protect people's personal data.
Contact the Information Data Manager/Administrator for:
- Requests to have access to / share their information asset;
- Any proposal to perform a new process with the asset;
- Any other queries/notification regarding the asset
Other Useful Information
Information Commissioner's Office (ICO) - www.ico.org.uk
Surveillance Camera Commission - https://www.gov.uk/government/organisations/surveillance-camera-commissioner
JISC GDPR Guidance - https://www.jisc.ac.uk/gdpr
Medical Research Council - https://www.mrc.ac.uk/research/policies-and-guidance-for-researchers/