Three months since GDPR: Tips to stay data breach free

It’s now been over three months since new data privacy laws came into effect. The General Data Protection Regulation (GDPR) and the Data Protection Act 2018 give the public more rights over how personal information is used by organisations.

The University has updated its privacy statements and notices, and we have worked out our legal bases for processing personal data – seeking consent where necessary.

The Corporate Governance team have provided the following tips to help avoid data breaches, or to mitigate the possibility of a breach as much as possible:

  • If sending one email to a large number of (unrelated) people, remember to put the addresses in the BCC field so that they cannot be seen by the recipients
  • Check the email address so the email goes to the correct person first time
  • Encrypt / password protect any attachments containing special category data so that if they are sent to the wrong person, the data isn’t instantly available to the recipient
  • Make sure that any microsite hosted on the University’s in-house webhosting platform (Plesk Control Panel), and any other source of personal data for which you are responsible, is as secure as possible and is closed down as soon as it is no longer needed.

The Corporate Governance webpages have been updated with articles and factsheets, including the following:

  1. Differences between GDPR and the DPA 1998
  2. Legal Bases for Processing
  3. Processing based on consent
  4. Information for privacy notices
  5. Direct Marketing/Mailing lists
  6. Data breach notifications
  7. Research and GDPR

More information on these changes is available on the FAQ webpage, by emailing or by telephoning extension 3642.

UoP News © 2019 All Rights Reserved