Project - GDPR

Council regards information security as one of the areas of highest risk to the University. Whilst some of the risk mitigation available is technical, Information Technology and Governance Committee has repeatedly recognised that individual behaviouris key. Staff and students need both to know what they should do and be willing to complywith expectations to keep University information and systems secure.  Previous reviews highlighted shortfalls in internal comms and role specific training and recent audits highlighted need to refresh policies and procedures to support safe and secure remote working.  In June 2021 the Change Portfolio Board accepted the proposal to facilitate a project which aims to transform University culture to a Data Protection by Design mindset and develop staff capability in information management more generally, thereby also delivering more effective and efficient working practices. 

Project Strands include Internal Communications, Training and Development, establishment of communities of practice and a meeting of key stakeholders to provide framework providing the Academic Community with clarity on the synergies, overlaps and obligations relating to our institutional policies, GDPR, Data Asset recording, research accessibility and visibility agenda. 

This project links into the broader Compliance CultureProgramme - taking a holistic approach, managing awareness raising and formal training activities in an integrated way, to maximise impact with stakeholders and audiences. 

Further information is available from: John Houghton and Liz Monk