GDPR – Privacy Notices and Data Collection Forms

Dear All

As I’m sure you are aware new data protection legislation, General Data Protection Regulation (GDPR) came into force on 25 May 2018.

The new regulation builds on existing data protection legislation but with an emphasis on the need for organisations to be transparent and accountable in relation to how they use individual’s personal data. What this means is that all organisations have to publish a Privacy Notice setting out how they use individual’s data, the lawful basis they are processing the data under, the individual’s rights, how long the data is retained, who it is shared with etc. In addition organisations also need to publish a Record of Processing Activities (ROPA) which sets out this information in more detail.

This information also needs to be referenced on individual data collection forms used by the organisation.

The University’s Privacy Notices have now been published: https://www.worcester.ac.uk/informationassurance/99.html

For ease of reference we have published three separate Privacy Notices:

And each of these is accompanied by a Record of Processing.

In addition you will see a fourth box entitled ‘Guidance on writing Privacy Notices’ and this provides standard wording for your data collection forms.

What do you need to do?

  1. You need to look at the Staff Privacy Notice as this relates to the information the University holds about you and how it is used.
  2. If you collect personal data then please follow the instructions in the Guidance on writing Privacy Notices – the first drop down box at the bottom of the page ‘Specific Privacy Notices’ contains the templates and instructions
  3. If you manage a mailing list for promoting conferences, events, etc please follow the advice under ‘Direct Marketing’ on the ‘Guidance on writing Privacy Notices’
  4. If you collect children’s data please see ‘Processing Children’s Data’ again on the ‘Guidance on writing Privacy Notices’ and please contact me with the relevant information so I can ensure your Privacy Notices are appropriate.

Best wishes,

Helen Johnstone
Head of Information Assurance/Manager – University Strategic Projects

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.