General Data Protection Regulation

Making personal data safer

The University of Oxford handles a large amount of personal data, and we take data privacy very seriously.

We work continuously to ensure our policies and processes are up-to-date.

The introduction of the General Data Protection Regulation (GDPR) in May 2018 has provided the University with an opportunity to further strengthen the way we protect people’s data and ensure that privacy is central to what we do.

A University-wide improvement programme has been underway since 2017 led by our Information Compliance Team with representatives from across the institution.

About GDPR

Many GDPR principles are similar to the previous Data Protection Act (1998). The GDPR includes new and strengthened requirements for how we protect people’s data.

What it’s about in a nutshell:

  • Being open with people about how we use their information
  • Not keeping their information longer than necessary
  • Making sure it is accurate
  • Making sure that it is safe
  • Knowing what we’ve got and what we can do with it (e.g. sharing)
  • Recognising a breach and knowing what to do

What steps have been taken to prepare?

  • A University wide exercise has been understaken to review and record what personal data we use.
  • University wide privacy notices have been reviewed and templates, and associated guidance, have been developed for use by departments.
  • Our website has been updated with guidance and resources for use throughout the University.
  • We have raised awareness of existing procedures and updated these as necessary (for example, reporting data security breaches).

What do I need to do?

Your hub contact will continue to be your point of contact and will keep you updated on any next steps. In the meantime, please take a look at the new policy and guidance, in particular the basic rules of good data handling.