In May 2018, data protection law changes. The Data Protection Act 1998 will be replaced by the General Data Protection Regulation (GDPR). This will have significant implications for the way in which personal data is collected and processed by the University.
Over the coming months we will be providing further information and resources relating to GDPR.
Aberystwyth University's Data Protection Policy broadly explains how the institution manages various categories of personal data and outlines staff and student responsibilities. Its Data Processing Declaration also explains why students are required to provide consent to the processing of their personal data. Data protection is similarly addressed within the University's Information Security Policy, Information Security Policy - Responsibilities of Staff, E-Mail Policy and its CCTV Code of Practice.
It is important to be aware that the institution passes on personal data to the Higher Education Statistics Agency (HESA) who provide further information concerning this process here:
The University also sets out, in detail, the way in which it processes more sensitive categories of personal data:
Other supporting documentation provides detailed guidance for staff handling personal data in everyday circumstances:
General Compliance with Data Protection
Security of Personal Data when working out of the office
Handling Sensitive Student Information
We also process data to support Learning Analytics. Details of this can be found here: Learning Analytics at Aberystwyth University
Further information relating to access to personal data along with other University Data Protection procedures can be found here:
Data Controller Registration
Data Protection as covered by Staff Contracts
Data Subject Access Requests
Breaches of Data Protection
Research Data and Data relating to non-members of the University
Contractors, Short-Term and Voluntary Staff
Wiping Computer Hard Disks
Each department also has an Information Champion who can advise on basic issues or refer more complex matters to the Data Protection Manager or Records Manager.
Further information can be found externally at: