GDPR six months on

Posted by rmt22 at Dec 13, 2018 05:08 PM |

It’s just over six months since the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018 (DPA2018) came into force in the UK and EU. Happily (despite dire warnings in the press) we’re still here and continue to collect, use and manage data, but in a safer and more transparent way.

The University has put in place many improvements to support our Data Protection compliance, some of the highlights include:

  • The appointment of a Data Protection Officer (Liz Taoudi) who will now be leading the University’s Data Protection framework. Liz can be contacted on
  • A new system for logging data breaches which can be reported by calling 0116 252 5800
  • An Information Asset Register which records what data is being collected and used
  • A series of guidance documents to make data protection easy to understand
  • A new series of face-to-face training sessions on data protection in practice. Further information on these sessions can be found here.
  • A series of privacy notices which explain to individuals how their data is used

Data Protection is with us to stay and we continue to need staff support to ensure continued compliance with GDPR/DPA2018. There are many ways that staff can help with this. These include:

  • Completing the mandatory information security e-learning – this is available via BlackBoard by searching for ‘information security’. Training is a vital component of our data protection framework and the lack of trained staff is often an aggravating factor when organisations fall foul of a data breach. If you have not already completed this mandatory training please do so at the earliest opportunity.
  • Make sure that the personal data you obtain, use and store is captured in the University’s Information Asset Register – if you want to add your data or aren’t sure if it’s captured please email for more information.
  • Report a data breach as soon as you know about it by calling 0116 252 5800
  • Make sure any new project of initiative is risk assessed for privacy concerns. For more information email
  • Ensure that local HR files and information related to staff no longer working in your Department or Division are disposed of securely (the core personnel record will continue to be held centrally by HR)

If you have any questions around data protection please email or start a conversation on the GDPR Yammer Group.

Share this page: