Ulster's preparations for GDPR
Information on what Ulster University is doing to prepare for GDPR.
1. Conduct an Awareness Campaign
Ensure decision makers and key personnel are aware of the new regulation.
Launch online GDPR training programme.
Develop Ulster’s GDPR webpage
To arrange a GDPR briefing session contact the Office of the University Secretary @ email@example.com
The University’s online data protection training will be launched in Blackboard week beginning 28 May.
GDPR information available at https://www.ulster.ac.uk/gdpr
2. Document our processing activities
Document what personal data is held at Ulster, where it came from and with whom it is shared.
Record of Processing Activities database has been issued to Asset Owners for completion
3. Communicate privacy information
Review and update current privacy notices.
Information available at Ulster's Privacy Notices
4. Ensure individuals’ rights
Review processes to ensure deletion of a person's data upon request or provide data in an electronic format free of charge.
5. Subject Access Requests – process requests within one month
Update policies and procedures and plan how to handle subject access requests within the new timeframe.
6. Establish lawful basis for processing personal data
The University has identified a range of legal basis for processing personal data.
7. Manage consent
Review how we seek, record and manage consent and refresh existing consents.
8. Ensure children’s rights
Ensure systems are in place to verify ages and get parental consent for any data collection on children.
9. Manage data breaches
Update procedures for detecting, investigating and reporting data breaches.
10. Ensure data protection by design, conduct privacy impact assessments (PIA)
Ensure that privacy and data protection is a key consideration in the early stages of any project and throughout its lifecycle.
11. Data protection officer
Designate responsibility for data protection compliance.
Mr Eamon Mullan, University Secretary, is the University’s Data Protection Officer
12. Ensure protection of international data transfers
Ensure individual’s rights are protected by adequate safeguards.