The University is responsible for and must be able to demonstrate compliance with the Data Protection Principles and Data Subject Rights.
The GDPR introduces a range of accountability requirements which encourage the University to take a proactive and documented approach to compliance. These include:
- implementing policies, procedures, processes and training to promote data protection by design and default
- having appropriate contracts in place when outsourcing functions that involve the processing of personal data
- implementing appropriate security measures
- maintaining records of the data processing that is carried out across the University
- documenting and reporting personal data breaches
- carrying out a Data Protection Impact Assessment before undertaking types of Processing likely to result in a high risk to individuals
- appointing a Data Protection Officer
- adhering to relevant codes of conduct and signing up to certification schemes