Ulster's preparations for GDPR
STEP | ACTION | STATUS |
|---|---|---|
1. Conduct an Awareness Campaign | Ensure decision makers and key personnel are aware of the new regulation. Launch online GDPR training programme. Develop Ulster’s GDPR webpage | To arrange a GDPR briefing session contact the Office of the University Secretary @ gdpr@ulster.ac.uk The University’s online data protection training will be launched in Blackboard week beginning 28 May. GDPR information available at https://www.ulster.ac.uk/gdpr |
2. Document our processing activities | Document what personal data is held at Ulster, where it came from and with whom it is shared. | Record of Processing Activities database has been issued to Asset Owners for completion |
3. Communicate privacy information | Review and update current privacy notices. | Information available at Ulster's Privacy Notices |
4. Ensure individuals’ rights | Review processes to ensure deletion of a person's data upon request or provide data in an electronic format free of charge. | |
5. Subject Access Requests – process requests within one month | Update policies and procedures and plan how to handle subject access requests within the new timeframe. | |
6. Establish lawful basis for processing personal data | The University has identified a range of legal basis for processing personal data. | |
7. Manage consent | Review how we seek, record and manage consent and refresh existing consents. | |
8. Ensure children’s rights | Ensure systems are in place to verify ages and get parental consent for any data collection on children. | |
9. Manage data breaches | Update procedures for detecting, investigating and reporting data breaches. | |
10. Ensure data protection by design, conduct privacy impact assessments (PIA) | Ensure that privacy and data protection is a key consideration in the early stages of any project and throughout its lifecycle. | |
11. Data protection officer | Designate responsibility for data protection compliance. | Mr Eamon Mullan, University Secretary, is the University’s Data Protection Officer |
12. Ensure protection of international data transfers | Ensure individual’s rights are protected by adequate safeguards. |