{ "items": [ "\n\n
Frequently asked questions about Data Privacy
\n \n\n \n \nThe University's guidance on the principles of Data Protection
\n \n\n \n \nPlease follow the University procedure for reporting a data breach as soon as possible.
\n \n\n \n \nIf you receive a subject access request you should forward it promptly to the Information Compliance Team, as we are required to respond to requests within a statutory timeframe.
\n \n\n \n \nThe University's GDPR toolkit for photography
\n \n\n \n \nPrivacy Notices for Staff, Students, Alumni etc
\n \n\n \n \nUniversity guidance on how to write a Privacy Notice - for personal data not covered by the standard University privacy notices
\n \n\n \n \nUniversity guidance on how to determine the lawful basis for processing personal data.
\n \n\n \n \nThe University's guide to determining whether legitimate interest can be used as a lawful basis for processing (includes links to templates and examples)
\n \n\n \n \nThe University's guidance on when and how to use consent as a lawful basis for processing
\n \n\n \n \nResearch Services guidance on selecting a lawful basis for research. It isn't possible to link directly to the relevant information, please go to: Lawful - selecting a lawful basis for the processing of personal data
\n \n\n \n \nThis link is provided as a very clear outline and contrast of the use of consent under GDPR and the common law duty of confidentiality, and is included here for clarification if things are getting confusing. Please use Research Services Guidance in the first instance.
\n \n\n \n \nA useful link to the Department of Health guidance on consent under the common law. It is important not to confuse this with consent as a basis for processing under the GDPR. This link is included as a good starting point if things are getting confusing - please check the Research Services advice on this.
\n \n\n \n \nAn example of a privacy notice for Haiku websites
\n \n\n \n \nIf you are undertaking research under the auspices of the CTRG, your Privacy Notice will be incorporated into your Participant Information Sheet.
\n \n\n \n \nPrivacy notices for research projects under the auspices of Medical Sciences IdREC are incorporated into this participant information sheet.
\n \n\n \n \nAdvice on the action you need to take in relation to mailing lists as a result of the GDPR
\n \n\n \n \nIf you are sending marketing emails (see the guidance on mailing lists), you may, under some circumstances, need to use consent as your lawful basis for processing. The GDPR sets a very high standard for valid consent, which must be specific, informed, freely given and unambiguous.
\n \n\n \n \nWe are currently maintaining information about Adestra on the Comms and PE Network Sharepoint site
\n \n\n \n \n