GDPR addresses the changing landscape of personal data in a digital age.


The UEA email incident may be one of the first reported data breaches within Higher Education but it surely won’t be the last unless universities take the implementation of GDPR seriously. As the largest legislation change to UK law in recent years, GDPR addresses the changing landscape of personal data in a digital age and will come in to effect 25th May 2018. It is imperative that the Higher Education sector prepare for this.

Universities, along with all other organisations in the UK, need to follow a structured process for dealing with these changes. These should include:

1 – Spread the word

Raise awareness. Make sure your VC’s, Executive Boards, Deans, Academics and Lecturers are aware that the current Data Protection Law is changing to GDPR on 25th May 2018 and how it will affect your university. Who will be your Data Protection Officer and do you know the requirements for the role?

2 – Know the rules

Identify whether your processing activity is legal under the GDPR, document it and update your privacy policy notice to explain why you hold the information. Your entire database must opt-in – from Alumni students to individuals requesting a one-off prospectus – and showing you have consent is vital. So, it’s worth reviewing how you seek, record and manage consent and refresh existing consents if they don’t meet the GDPR standard.

3 – Check your data

It’s a good time to carry out an audit to establish what personal data is held on students, alumni and staff. Where is it from and how long have you had it? Do they know you collect it, how you use it or which organisations it is shared with?

4 – Know their rights

Check you have compliance processes to cover all the rights individuals have under GDPR. These include how you edit, electronically transport, securely store, correct, retain and delete their personal data. All requests for personal data must be supplied in an appropriate format.

5 – Update your policies

Plan how you will handle requests within the new GDPR timescales and provide these free of charge. This can include requests from students and teaching staff regarding CCTV, surveillance technologies, photos, attendance records and digital information held on social media, educational websites and apps.

6 – Prepare for breakdown

Make sure you have procedures in place to detect, report and investigate potential data breaches. If a breach occurs, it may need to be reported to any students or staff affected within GDPR’s strict specified time periods.

As we edge ever closer to the implementation of GDPR it is evident education establishments across the UK must act and implement change. Clarity and transparency will be central to prove how consent was gained, along with detailed data management and storage policies. These should cover the process from all the angles – and have student privacy and rights built into its very core.

Originally published on GDPR.Report

We specialise in creating the perfect blend of strategy, media, digital and creative to produce the most effective advertising possible for each individual client. Our incredible arsenal of people have amazing skills, knowledge and experience, driven by a purpose – to make effective advertising accessible to all clients.

Contact Us

Hunterlodge Advertising
171 High Street

Tel: +44 (0)1923 714 949

Back to top

We use cookies to improve our website and your experience when using it. Cookies used for the essential operation of this site have already been set. To find out more about the cookies we use, see our privacy policy.

  I accept cookies from this site.