The University of Reading needs to use and store certain information about its employees, students and others to allow it to effectively carry out its business. For example, it needs to monitor performance, record achievements, and implement health and safety requirements. It is also necessary to process and keep information so that staff can be recruited and paid, courses organised and to comply with legal obligations to funding bodies and government.
The EU GDPR 2016 is the law that sets out the requirements for the protection of personal data within the EU. Following the UK's departure from the EU, from the 1st January 2021, the requirements of the EU GDPR were adopted into UK laws, creating the 'UK GDPR'. The EU GDPR will remain relevant to data collected and processed prior to the 31st December 2020 and to the data of EU residents from there on in. Data of UK residents, collected after the 1st January 2021 will be subject to the UK GDPR. As both the EU and UK versions of the GDPR are currently aligned, statements that refer to the 'GDPR' will serve to cover both regimes.
The Data Protection Act 2018 contains additional provisions and requirements for the processing of data in the UK as well as the powers of our Data Protection Authority (regulator).
The information the University processes includes personal data. The University must process personal data according to the Data Protection Principles set out in the GDPR and the Data Protection Act 2018. This requires the University to collect and use data fairly, to store it safely and not to disclose it to any other person unlawfully. The requirement for the University to comply with this Act, in protecting the rights and privacy of individuals, imposes certain responsibilities on its staff, students and others that they should fully understand; it also sets out certain rights for them of which they should be aware.
The University of Reading has developed its Data Protection Policy (PDF-35MB) to ensure that everyone associated with the University understands their rights and responsibilities. It has also drawn up a series of detailed requirements and guidelines to help deal with the everyday implications of the policy.
The Data Protection policy and its guidelines are related to other University policies and publications including:
- Freedom of Information and Environmental Information Regulations Policy (PDF-114KB)
- University Records Management Policy (PDF-131KB)
- Records Management guidelines
Suspected or actual compromises of University data must be reported to IMPS immediately using the Information Security Incident Reporting Form.
This is a requirement under the University's Information Security Incident Response Policy (PDF 210KB) and Information Security Incident Response Procedures (PDF 354KB)
Completed forms should be submitted to imps@reading,ac,uk
For advice, support and assistance in the event of an incident contact IMPS on 0118 378 8981.