A new data protection regulation, the GDPR, comes into effect next May. It will introduce stricter requirements for how we handle personal data (i.e. information that can be used to identify a living individual, whether directly or indirectly – such as name, address, identification number).
The changes will require us to:
- embed privacy by design and by default, ensuring that we only collect and use the minimum amount of personal data (using tools such as anonymisation and pseudonymisation). This applies particularly to research involving personal data.
- be able to demonstrate that we are complying. To do so, we will need to maintain registers of how we process personal data and carry out privacy impact assessments when setting up certain projects.
- be more transparent with individuals about how we use their data.
- be more responsive to individuals’ wishes or concerns.
- be able to recognise when there has been a data breach and ensure that this is reported promptly.
Whatever your role, you’ll need to think about how you are using personal data in your day-to-day work and ensure that best practice is followed.
Introductory guidance is available on the University website at: https://www1.admin.ox.ac.uk/councilsec/compliance/dataprotection/gdpr/ (single sign-on required)
This provides an overview of the changes and gives a brief outline of how they are likely to affect the University.
It also sets out what is being done to prepare for these changes, including the development of new guidance and resources (which will be made available over the coming months).
For further information, please email: firstname.lastname@example.org