Strangely enough, on the day that GDPR came into effect the University released a compulsory online module on Cyber Security and Data Protection for all staff. I procrastinated so only completed it today, with the excuse that I had already attended a number of briefings on GDPR over the past couple of months. It was fine, as far as these things go, but I didn’t really learn anything new. As would be expected of someone in my industry I’m already well versed in issues such as privacy, malware, hacking, password security, etc.
The GDPR, or General Data Protection Regulation, and nothing at all to do with the former German Democratic Republic, is the new regulation coming in to replace the Data Protection Act of 1998, bringing with it much firmer requirements for organisations to store data safely and appropriately, and harsher penalties for breaches. The GDPR will apply to all organisations holding data on EU citizens so it will apply to the university regardless of Brexit. It was actually a very useful session that has made me think about the types of thing I and my team store, and how most of it isn’t really necessary. I feel a purge may be coming.
A whistle-stop tour covering all aspects of information governance, including the Data Protection Act, the Freedom of Information Act, information assurance, information security, copyright and intellectual property, records management and IT security. The training also covered how these inform the development of the University’s policies and procedures.
After the session I collared the trainers to suggest turning their training materials into a self-contained online course which could be made available for all staff to complete in their own time, an idea which went down very well.