Data Protection

In May 2018, the data protection law changed. The Data Protection Act 1998 was replaced by the General Data Protection Regulation (GDPR). This has significant implications for the way in which personal data is collected and processed by the University. 

Some of the key changes include: enhanced data subject rights; new rules relating to consent; a requirement for more detailed and transparent notices; mandatory data breach notification. A new principle relating to ‘accountability’ is also being introduced which will impact on record keeping and decision making, with an emphasis on the idea of ‘privacy by design’ – i.e. building privacy principles into projects from the outset and documenting your approach.

Over the coming months we will be providing additional information and resources relating to GDPR. Below is a description of the University’s key data protection documentation which has been revised to take into account these changes.

Aberystwyth University's Data Protection Policy broadly explains how the institution manages key aspects of data protection and outlines staff and student responsibilities. The  and provide more detail about the processing of personal data.

Data protection is similarly addressed within the University's Information Security Policy, Information Security Policy - Responsibilities of Staff, E-Mail Policy and its CCTV Code of Practice

It is important to be aware that the institution passes on personal data to the Higher Education Statistics Agency (HESA) who provide further information concerning this process here:

https://www.hesa.ac.uk/about/regulation/data-protection/notices

Other supporting documentation provides detailed guidance for staff handling personal data in everyday circumstances:

Providing References 

We also process data to support Learning Analytics. Details of this can be found here: Learning Analytics at Aberystwyth University

Further information relating to access to personal data along with other University Data Protection procedures can be found here:

Data Controller Registration
Data Subject Access Requests
Police Enquiries
Personal Data Breach
Research Data and Data relating to non-members of the University
Contractors, Short-Term and Voluntary Staff
Wiping Computer Hard Disks
Data Protection Impact Assessments
Data Subjects' Rights
Privacy Notices
Use of Third Party Services