Accountability


The University is responsible for and must be able to demonstrate compliance with the Data Protection Principles and Data Subject Rights.

The GDPR introduces a range of accountability requirements which encourages the University to take a proactive and documented approach to compliance.  These include:

  • implementing policies, procedures, processes and training to promote data protection by design and default
  • having appropriate contracts in place when outsourcing functions that involve the processing of personal data
  • implementing appropriate security measures
  • maintaining records of the data processing that is carried out across the University
  • documenting and reporting personal data breaches
  • the obligation to carry out a Data Protection Impact Assessment before carrying out types of Processing likely to result in a high risk to individuals
  • appointing a Data Protection Officer
  • adhering to relevant codes of conduct and signing up to certification schemes