Data Protection

In May 2018, the data protection law changed. The Data Protection Act 1998 was replaced by the General Data Protection Regulation (GDPR). This has significant implications for the way in which personal data is collected and processed by the University.

 

Some of the key changes include: enhanced data subject rights; new rules relating to consent; a requirement for more detailed and transparent notices; mandatory data breach notification. A new principle relating to ‘accountability’ is also being introduced which will impact on record keeping and decision making, with an emphasis on the idea of ‘privacy by design’ – i.e. building privacy principles into projects from the outset and documenting your approach.

 

Over the coming months we will be providing additional information and resources relating to GDPR. Below is a description of the University’s key data protection documentation which has been revised to take into account these changes.

 

Aberystwyth University's Data Protection Policy broadly explains how the institution manages key aspects of data protection and outlines staff and student responsibilities. The Data Protection Statement for Students and Privacy Notice for Staff provide more detail about the processing of personal data.

Data protection is similarly addressed within the University's Information Security Policy, Information Security Policy - Responsibilities of Staff, E-Mail Policy and its CCTV Code of Practice.

 

It is important to be aware that the institution passes on personal data to the Higher Education Statistics Agency (HESA), which provides further information concerning this process here:

https://www.hesa.ac.uk/about/regulation/data-protection/notices

 

Other supporting documentation provides detailed guidance for staff handling personal data in everyday circumstances:

Security of Personal Data when working out of the office 
Providing References 

We also process data to support Learning Analytics. Details of this can be found here: Learning Analytics at Aberystwyth University

 

Further information relating to access to personal data along with other University Data Protection procedures can be found here:

Data Controller Registration 
Data Subject Access Requests 
Police Enquiries 
Breaches of Data Protection 
Research Data and Data relating to non-members of the University
Contractors, Short-Term and Voluntary Staff 
Wiping Computer Hard Disks 

Privacy Impact Assessments (PIAs)

Data Subjects' Rights under GDPR

Privacy Notices

Use of Third Party Services


Further information can be found externally at:

Data Protection Links