Ulster's preparations for GDPR

Information on what Ulster University is doing to prepare for GDPR.

Ulster's Preparations for GDPR




1. Conduct an Awareness Campaign

Ensure decision makers and key personnel are aware of the new regulation.

Launch online GDPR training programme.

Develop Ulster’s GDPR webpage

To arrange a GDPR briefing session contact the Office of the University Secretary @ gdpr@ulster.ac.uk

The University’s online data protection training will be launched in Blackboard week beginning 28 May.

GDPR information available at https://www.ulster.ac.uk/gdpr

2. Document our processing activities

Document what personal data is held at Ulster, where it came from and with whom it is shared.

Record of Processing Activities database has been issued to Asset Owners for completion

3. Communicate privacy information

Review and update current privacy notices.

Information available at Ulster's Privacy Notices

4. Ensure individuals’ rights

Review processes to ensure deletion of a person's data upon request or provide data in an electronic format free of charge.

Guidance available in GDPR Policy

5. Subject Access Requests – process requests within one month

Update policies and procedures and plan how to handle subject access requests within the new timeframe.

Guidance available in GDPR Policy

6. Establish lawful basis for processing personal data

The University has identified a range of legal basis for processing personal data.

Guidance available in GDPR Policy

7. Manage consent

Review how we seek, record and manage consent and refresh existing consents.

Guidance available in GDPR Policy

8. Ensure children’s rights

Ensure systems are in place to verify ages and get parental consent for any data collection on children.

Guidance available in GDPR Policy

9. Manage data breaches

Update procedures for detecting, investigating and reporting data breaches.

Guidance available in GDPR Policy

10. Ensure data protection by design, conduct privacy impact assessments (PIA)

Ensure that privacy and data protection is a key consideration in the early stages of any project and throughout its lifecycle.

Guidance available in GDPR Policy

11. Data protection officer

Designate responsibility for data protection compliance.

Mr Eamon Mullan, University Secretary, is the University’s Data Protection Officer

12. Ensure protection of international data transfers

Ensure individual’s rights are protected by adequate safeguards.

Guidance available in GDPR Policy