Information Services

Ensuring Secured International Data Transfer Across the University

The University is engaging in cross-college collaboration to ensure data sharing standards are aligned to the newly released European Data Protection Board draft recommendations

On November 2020 the European Data Protection Board (EDPB) issued draft recommendations on measures for safeguarding international data transfers around the transfer of personal data outside the European Economic Area (EEA). In response, the University’s Information Services Group, in liaison with the University Data Protection Officer, launched a project to identify the means and mechanisms of international data transfer currently in use across the University.

International data transfers can occur in various ways across the University – examples are an academic using a Chinese app for teaching, where students submit their names, email addresses and quiz answers; colleagues storing data in a cloud where the servers are based in the USA; or a PI collaborating with a University in Nigeria and sending identifiable research data,

Rena GertzUniversity Data Protection Officer

The project began by launching a pilot with the Biomedical Sciences, PPLS and Engineering schools to survey the ways in which international data is transferred for each specialty. The project team will then review results from the survey pilot and incorporate any necessary changes prior to rolling out the finalised survey to University staff across all schools.

The intent of the survey is to understand and map where international data transfers are taking place across the University in order to inform the University response to the EDPB draft recommendations and develop policies and processes to ensure compliance.

“The EDPB Recommendations aim to protect personal data sent outwith the EEA to countries that do not have adequate data protection regimes in place and so require additional safeguards to protect that data when transferred to the recipient country. Essentially, they increase the burden on due diligence that is required to send such data outwith the EEA,” said Rena. “The field of compliance with data protection legislation is ever growing and will certainly open up more opportunities for me to collaborate with ISG.”