Some personal data are more sensitive in nature and therefore requires a higher level of protection. Staff working in certain research areas e. Data given in confidence or data agreed to be kept confidential in other words, a secret between two parties and that is not in the public domain.
Staff working in certain functions and in senior management roles will handle confidential data regularly. The University also handles research data which comprises materials collected or created for the purposes of analysis to generate original research results. For information on how to deal with other aspects of research data see Research Data Management.
The University needs to collect and keep certain types of information about the people with whom it deals. This includes information relating to its staff, students and other individuals.
It needs to process 'personal data' for a variety of reasons, such as to recruit and pay its staff, to record the academic progress of its students and to comply with statutory obligations for example, health and safety requirements. The Data Protection Act applies to all 'personal data' processed by the University and to comply with the law all personal data must be collected and used fairly, stored safely and not disclosed to anyone else unlawfully.
We hold certain information about staff and students in the public domain. Personal data classified as being in the 'public domain' refers to information which will be publicly available worldwide and may be disclosed to third parties without recourse to the data subject.
Our practice is to make the following items of data freely available unless individuals have objected:. Similarly, as part of its regular business activities, the University may process personal information about third parties which is already in the public domain where such processing is carried out in accordance with the Data Protection Act principles set out below and is unlikely to cause any damage or distress to the data subject. Anyone using personal data must comply with the 6 Data Protection Principles contained in the Data Protection Act as they define how personal data can be legally processed: In summary these state that personal data shall:.
Keeping personal data properly secure is key in complying with the Data Protection Act. All staff are therefore responsible for ensuring that if they keep personal data, it is kept securely and is not disclosed either orally or in writing or accidentally to any unauthorised party.
Please see the guidance on Disclosing Data for further information on this point. Please see the section on data security and the University's IT Security Policy for further information and rules on security. Individuals have the right to access any personal data that relates to them which the University holds. Any person who wishes to exercise this right should see the Subject Access Rights Page for details on how to do so.
Before commencing any research which will involve obtaining or using personal data, the researcher whether a student or member of staff and their academic supervisor or Head of Group must give proper consideration to this policy and the guidance contained on our Data Protection webpages and our Research Data Policy and how these will be properly complied with.
In particular, they will need to consider the type of personal data which may be collected, the applicable lawful basis for the processing, whether any special category data is to be processed and if so what additional condition for special category data will be relied on and what additional safeguards required, how ethical consent is to be recorded, the extent to which such data may legitimately be required for the academic objective, how the data will be securely stored, and the duration for which it will be retained.
In the area of immigration, the Data Protection Act grants the UK Home Office the power to refuse personal data access requests based on the risk it could pose to immigration enforcement.
Read the Data Protection Act law text here pdf. Now that Brexit has happened, several legal changes has taken effect in the area of data protection. This is important because of Article 45 in the European GDPR, which requires countries that are not part of the EU to have an adequate level of domestic data protection laws in order to ensure a free flow of information to and from the EU. However, on June 28 , the EU adopted an adequacy decision for the UK, meaning that websites, companies and organizations in the United Kingdom who process personal data from users inside of the EU can carry on as before, business-as-usual for the next four years until June Keeling Schedule for the amendments to the Data Protection Act Brexit means overall changes to UK data privacy law.
Your website must ask for and obtain the consent of users before processing their personal data. If your website uses third-party cookies, you need to implement a consent management solution that ensures that these cookies and trackers are not activated to process personal data before users have given their explicit consent to do so.
What is CCPA? Cookies on GOV. UK We use some essential cookies to make this website work. Accept additional cookies Reject additional cookies View cookies.
Hide this message. Home Crime, justice and the law Your rights and the law. Data protection. The Data Protection Act The Data Protection Act controls how your personal information is used by organisations, businesses or the government. Print entire guide.
0コメント