What is GDPR ?

What is GDPR?

The General Data Protection Regulation (GDPR) is a European Union regulation designed to strengthen and unify Data Protection within the EU. GDPR will replace the existing UK Data Protection Act 1998 when it comes into effect on 25^th May 2018

But isn’t the UK leaving the European Union?

The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR, meaning that the University will need to ensure it is compliant with new requirements.

How will it differ from the Data Protection Act?

Many things will be the same, or very similar, but there will be some big changes. GDPR has been designed not only to harmonise Data Protection practices, but specifically to strengthen the rights of Data Subjects.

For example; organisations need to be able to demonstrate compliance with the Regulation in a way not previously required, the standards required for gaining consent to process personal data are much higher, organisations will be required to report significant data breaches to the Information Commissioner’s Office within 72 hours, and the potential penalties for non-compliance are significantly higher than they are currently (potentially amounting to a 20 million Euro fine).

Where can I find out more information about GDPR?

Information Assurance Services are leading on ensuring the University's processes and procedures will be in line with GDPR by 25^th May 2018. Please make use of the below links to find out more about GDPR and how it will affect the University. Please check back regularly as new content will be added on a regular basis.

• Frequently Asked Questions
• GDPR Drop in sessions
• GDPR Briefings by Rosemary Jay
• April 2018 Briefings by Rosemary Jay
• Guidance Note No. 1: What you can do to comply with for GDPR
• Guidance Note No. 2: Reviewing your departmental files
• Reviewing your files webinar
• Guidance Note No. 3: Reviewing your emails
• Guidance Note No. 4: Writing a Privacy Notice
• Privacy Notice Template (Word Document)
• Guidance Note No. 5: Individuals' Rights
• Guidance Note No. 6: Understanding the Lawful Basis for Processing
• Guidance Note No. 7: Understanding Data Breaches
• Guidance Note 8 Data Mapping Quick Guide.pdf
• Guidance Note 9: Student Information Retention Quick Guide
• Guidance Note 11 GDPR and Procurement Quick Guide
• Guidance Note 12 GDPR and Research Data Quick Guide
• Guidance Note 13: GDPR and Consent
• Guidance Note 14: Is your team ready for GDPR
• Guidance Note 15: GDPR Myth Busting
• Guidance Note 16: Data Protection Impact Assessments (DPIAs) Quick Guide
• Guidance Note 17: GDPR Where to go for more information
• Guidance Note 18: Top Tips for a Successful Information Spring Clean
• Guidance Note 19: Top Tips on Reviewing your Email
• Guidance Note 20: Understanding the difference between Data Controllers and Processors
• GDPR Checklist for Principal Investigators (Word document)
• OneTrust Data Mapping User Guidance
• Data Protection Roles and Responsibilities

In the meantime if you have any questions please contact us by calling extension 7945 or by emailing ias@le.ac.uk.

In addition the Information Commissioner’s Office has online information dedicated to GDPR which you can access via this LINK.