GDPR and IT support community day

Lots of work has been put in across the sector understanding the impact of GDPR on areas such as staff/student records, alumni relations, fundraising and marketing/communications – but little thought has been put into what it means for the provision of IT support. Gareth Edwards, Head of IT, Engineering Science, University of Oxford, Rachel Fligelstone, Head of Service Strategy and Communications, Lancaster University and Jenny Jordan, Customer Services Manager, Edge Hill University ran a community day for UCISA members.

ROUND UP FROM UCISA-SSG COMMUNITY DAY ON GDPR

GDPR is everywhere at the moment. As we’re now less than a month until the 25th May implementation date the topic is almost inescapable – the dire warnings about fines we’ve been hearing for so long (€20 million or 4% of the company’s global annual turnover!) are now being complimented by a steady stream of emails from suppliers and services informing us about updates to their privacy policies.
Outside of FE/HE much of the focus has been on marketing activity (and perhaps Facebook!) – but inside the sector how much time was being dedicated to understanding and acting on what GDPR means to how we provide IT support in our Universities and Colleges?
On Friday 13th April over 40 IT and Data Governance staff from Universities across the UK gathered at Edge Hill University’s central Manchester campus for a Community Day to explore the topic further, with the goal of taking back a greater understanding of the regulations’ impact and their responsibilities under the new legal framework.
The day featured a number of workshops, first looking at what we already understood about GDPR and its impact through brainstorming Stakeholders, Services, Data and Dangers.

This was an interesting exercise, revealing a good grasp of not just data protection “fundamentals” such as Data Protection Impact Analysis, Consent and Privacy Notices, but also of where this data might exist and the ways in which it could all go horribly wrong.
This was followed by a GDPR Refresher course provided by Alex Daybank of University of Manchester (very kindly stepping in at the last minute), a useful high-level reminder of the fundamentals of GDPR.
Delegates then took part in an affinity mapping exercise – an opportunity to brainstorm their worries, concerns and questions around GDPR and IT Support, followed by discussing and grouping into topics we would vote on and discuss later in the day. James Bull of ITSM tool supplier Wendia then joined us to give a suppliers eye view of the topic.
After lunch we had the opportunity to hear from representatives from Keele University, University of Glasgow and University of Oxford on their preparations for GDPR, giving some useful insight into some of the issues that have already been considered.
For the closing session of the day we returned to the list of questions we came up with earlier in the day, which delegates had voted on over lunch.

We had the time to discuss the top 4 voted topics:
  • Understanding what GDPR might mean for using and retaining data in an ITSM tool;
  • IT’s role in helping with GDPR
  • Staff and Students – New Starters, Moving Around and Leaving
  • Data Management – Retention Policies and Minimising data gathering
The discussions are documented in more detail here, but the two key themes that emerged are listed below
We wrapped up a full but enjoyable day with one last opportunity to catch up with colleagues, before heading home.
We’d like to say a big thank you to the representatives from Keele, Glasgow, Oxford and Manchester Universities who very kindly offered their time and expertise and gave excellent presentations, as well as Wendia for their input.
Thank you also to Edge Hill University for once again hosting a Support Services Community Day and making us feel welcome.
And a final thank you to the delegates, from Strathclyde to London, who took part and made the day a success.
Presentations, photos and notes from the day are available from the resources page.

Key take-outs:

  • The importance of having, understanding and enforcing data retention policies – this came up initially in discussions about ITSM tools, but was a recurring topic.

  • The need to work closely with other parts of the organisation, particularly where they might be sources of information (e.g. identity and access management, staff/student records) for systems like an ITSM tool.

 

UCISA welcomes blog contributions and comment responses to blog posts from all members. If you would like to contribute a new perspective or opinion on a current topic of interest, simply contact UCISA’s marketing manager Manjit Ghattaura via manjit.ghattaura@it.ox.ac.uk

 

The views expressed on UCISA blogs are the authors’ and do not necessarily reflect those of UCISA

Leave a Reply

Your email address will not be published. Required fields are marked *