UCISA publishes GDPR 'survival guide' including FAQ answers and implementation case studies from 11 leading universities
UCISA has today published a compendium of practical steps taken by higher education institutions around the UK in readiness for the new General Data Protection Regulations (GDPR) which come into force on May 26.
The UCISA case study document has been provided to help member institutions understand what the sector is doing and help with their own preparations. While the publication does not constitute legal advice, the Information Commissioner's Office has been consulted on its production, and it includes information which should be of use to all institutions in their GDPR compliance work.
"As IT professionals, we are aware of many existing inadequacies in our data management which are likely to be more acute under GDPR," said James Smith, Director of IT at Birkbeck, University of London, and a member of UCISA's Corporate Information Systems Group which commissioned and collated the content.
"The document is written from the viewpoint of IT and Corporate Information Systems managers and intended to serve as a collection of assessments of implementation considerations and practical steps that either have, should, or can be taken."
A total of 11 leading universities of all sizes from across England, Scotland, Wales and Northern Ireland have provided case studies for the publication which are now available for download from the UCISA publications library. The case studies, presented anonymously, highlight 'real-life sector responses' to each of the 12 steps to GDPR implementation outlined by the Information Commissioner's Office (ICO).
"In a number of cases, we have added hints and tips in ‘Be Aware’ sections to highlight where opportunities for improvement exist. We have also included answers to frequently asked questions drafted by members of UCISA's Corporate Information Systems Group," said James.
"The case studies, along with answers to many frequently asked questions, will be of interest to anyone with responsibility for any part of institutional business processes that rely on personal data. That includes anyone responsible for the management and development of corporate information systems or data and database management policy and practice and takes in, for example, student records management, HR and marketing."
A range of practical examples of GDPR-related communications are incorporated into the publication including a staff awareness email, data protection officer job description, Consent Guidance document and Privacy Notice Form.
GDPR is on the agenda of UCISA's GDPR and IT Support community day at Edge Hill University on April 13. The event, organised by UCISA's Support Services Group, will focus on the impact of GDPR on IT support. Bookings for the free event, limited to two delegates per member institution, close on Monday, April 2.
James Smith will also be presenting the Corporate Information Systems Group's GDPR work at UCISA's Cyber Security Survival Guide event in Birmingham on May 3. The event, organised by UCISA's Infrastructure Group, is aimed at HE and FE senior managers, security managers and infrastructure professionals. Bookings close on April 20.