Information Governance and Security
Information Governance for the University
Find out about your obligations and how to comply, including protecting personal information, Freedom of Information requests and data protection.
If you're after guidance for a specific role or function, we have created collections of relevant information here...
If you're after specific guidance on any aspect of IG (e.g. Data Protection, Subject Access requests, FOI), click here...
External requests for information
Received an external request for info about the University or any personal data we hold?
Information Security Useful Info
Useful documentation to promote excellent Data and Information Security
What is GDPR?
The General Data Protection Regulation (GDPR) is the new EU legal framework for data protection. The GDPR applied across all member states from 25th May 2018.
In the UK, the GDPR now sits alongside the Data Protection Act 2018. Together they replace the old Data Protection Act 1998, introduce greater protections for personal data and bring data protection law into the digital age.
Here are the top things to do to be GDPR Ready:
- Complete and maintain your Information Asset Registers (Records of Processing)
- Identify and manage any areas where you share personal data outside the University
- Ensure you clear out personal data you no longer need in accordance with the Retention Schedule, including a clear out of emails containing personal data (particularly sensitive personal data). If attachments containing personal data are needed, store them securely in access-controlled folders.
- Complete your mandatory Information Security training and follow IS guidance - Click here
- Ensure you are handling all data (including personal data) in accordance with the requirements dependent on its classification - see Data Classification guidance
- Be aware of who your Information Governance Champion is (click here) - these people should be your first port of call for queries.
- Avoid that stomach-churning feeling of being responsible for a data breach - if you are doing anything (particularly sending, emailing, sharing) with personal data (especially sensitive personal data) then stop, think, double check or ask.
- If a breach or incident has occurred - report it immediately (see button above)
SPA: Security Protection Accountability
Immerse yourself in security, protection and accountability at Recru it networ. Begin your journey into discovering simple ways to detox and clear out any unwanted data. Whether you are looking to update your knowledge or discover more, you can do so from the comfort of your own desk.
Other information links
Other sources of help and guidance
Information Commissioner's Office detailed Guidance on Legislation
The Information Commissioner's Office detailed Guidance on Legislation is available here.
An overview of the General Data Protection Regulation (GDPR) is available here.
Sources of help
Data Protection Officer
Contact the DPO for:
- Information and advice regarding our obligations under the GDPR and other data protection provisions (e.g. PECR).
- Queries and information on data protection staff training and data protection auditing.
- Advice on data protection impact assessments (DPIA)
- Advice on seeking prior consultation or breach notification with the Information Commissioner's Office (ICO)
Information Security Manager
Contact the Information Security Manager for:
- Advice on Information Security policy or guidance
- To report information security concerns/issues
- Advice on risk assessments (information security) and measures to reduce risk
Legal and Governance Support Officer
Contact the Legal and Governance Support Officer for:
- Any queries regarding data subject rights – e.g. Subject Access Rights
- Freedom of Information Requests
- Requests for information about our data subjects (e.g. students, employees, visitors etc.) from 3rd parties (e.g. the Police, tax authorities, MPs, parents, spouses etc.)
Information Governance Champions (IG Champions)
Each Directorate / Faculty / School has its own IG Champion(s). Find yours here.
IG Champions will have received more in depth training around information governance (including data protection) and will be able to assist with many departmental queries/issues.
Senior Information Risk Owner (SIRO)
Dan Perry (Chief Information Officer)
Contact the SIRO for:
- Highlighting high risk issues with information processing activities;
- Sign off of DPIA where the DPO's advice is being overruled
Information Asset Owners (IAO)
Each Director or Dean is the responsible Information Asset Owner for the data within their respective directorate/faculty. They hold responsibility to ensure compliance with information security and data protection requirements for their data.
Contact your IAO for:
- Any compliance issue related to data in the respective directorate/faculty
Information Asset Manager / Information Asset Administrator
Every information asset will be assigned a specific ‘Manager’ who is responsible for the day-to-day management of that asset and who will control its use, and how and if that asset is shared, stored, accessed and deleted. Refer to the relevant Information Asset Register entry to identify the appropriate Manager or Administrator.
Information Managers may also be assisted by Information Asset Administrators who are delegated many of the day-to-day tasks.
It is likely that most of the people referring to this guide will be Information Asset Managers or Information Asset Administrators. If that is you, it is crucial that you have a good understanding of the principles of data protection, as you are the first line of defence in making sure we can effectively protect people's personal data.
Contact the Information Data Manager/Administrator for:
- Requests to have access to / share their information asset;
- Any proposal to perform a new process with the asset;
- Any other queries/notification regarding the asset
Other Useful Information
Keele Research Data Management - recruitnetworx.info/research/raise/governanceintegrityandethics/researchdatamanagement/#keele-research-data-management-policy
Information Commissioner's Office (ICO) - www.ico.org.uk
Surveillance Camera Commissioner - www.gov.uk/government/organisations/surveillance-camera-commissioner
JISC GDPR Guidance - www.jisc.ac.uk/gdpr
Medical Research Council - www.mrc.ac.uk/research/policies-and-guidance-for-researchers/