Strangely enough, on the day that GDPR came into effect the University released a compulsory online module on Cyber Security and Data Protection for all staff. I procrastinated so only completed it today, with the excuse that I had already attended a number of briefings on GDPR over the past couple of months. It was fine, as far as these things go, but I didn’t really learn anything new. As would be expected of someone in my industry I’m already well versed in issues such as privacy, malware, hacking, password security, etc.
The GDPR, or General Data Protection Regulation, and nothing at all to do with the former German Democratic Republic, is the new regulations coming in to replace the Data Protection Act of 1998, bringing with it much firmer requirements for organisations to store data safely and appropriately, and harsher penalties for breaches. The GDPR will apply to all organisations holding data on EU citizens so it will apply to the university regardless of Brexit. It was actually a very useful session that has made me think about the types of thing I and my team store, and how most of it isn’t really necessary. I feel purge may be coming.