General Data Protection Regulation (GDPR)

New data regulations will come into force in May 2018.

On Friday 25 May 2018 the General Data Protection Regulation (GDPR) comes into force, replacing the Data Protection Act 1998 in regulating how we collect, use, store and dispose of personal data. Moreover, the GDPR places the onus for proving compliance firmly on the University.

These changes will affect all staff who handle personal data.

Personal data is information that allows you to identify a person either directly or indirectly. Examples include postal address, phone number, email address, and salary details.

To support staff, the following advice and guidance is now available:

Training

• Data protection training through Learn is mandatory for every staff member who handles personal data – please complete this training before the end of June 2018
• An additional training module will also be mandatory for researchers and research support staff members – we will contact you directly when this is available
• Data protection drop-in clinics will be made available on a rotational basis in all areas of the University. These will be advertised through the Data Protection Champions in your area

Advice and support

• New GDPR webpages include guidance for all staff and for academic staff. Privacy Notice templates to use in conference registrations and newsletters are available on request
• Nominated Data Protection Champions will be able to provide additional advice and support across the University. A contact list will soon be published on the Records Management website.

Policy and handbook

• A new Data Protection Policy will be made available on 25 May
• A Data Protection Handbook will provide guidance and procedures for all employees

More information is now available on the GDPR webpage but please contact Rena at dpo@ed.ac.uk for further advice and guidance.

Related links

General Data Protection Regulation (GDPR)

Data protection training on Learn