Data Protection Regulation

8 December 2017 at 10:10am
[Update: a Government amendment to Clause 6 of the Bill appears to confirm that this is their intended interpretation :)]
11 September 2017 at 9:35am
I was recently asked how the GDPR's Right to Erasure would affect backups and archives. However that right, created by Article 17 of the GDPR, only arises when a data controller no longer has a legal basis for processing personal data. Provided an organisation is implementing an appropriate backup and archiving strategy, that shouldn't happen.
1 August 2017 at 8:58am
Many, perhaps most, wifi access services want to perform some sort of authentication of people who use them (for those providing connectivity via Janet, it's a requirement of the Eligibility Policy).
25 July 2017 at 10:48am
Jisc provides a lot of different services: too many for us to look at each one from scratch before the General Data Protection Regulation comes into force next May. Instead, we've identified four different patterns that seem to cover the majority of services. We hope that having a common set of expectations for each pattern will simplify discussions with service managers, customers and users.
11 July 2017 at 10:46am
Looking at yet another of those web registration forms that seems to collect more data than required, it occurred to me that there might be quite a neat way to meet the General Data Protection Regulation's requirements for positive, recorded consent.
5 July 2017 at 9:59am
The Article 29 Working Party has produced new guidance on data processing in the workplace, to account for the very significant changes that have occurred since their previous guidance in 2001. Although the focus is on "employee monitoring", it is likely to be relevant to other situations where an organisation has significant power over those who use its premises and equipment. The guidance considers the requirements under both the Data Protection Directive and, from next year, the GDPR.
14 June 2017 at 11:30am
A question recently arose about monitoring students' attendance at lectures and tutorials, and how this fitted into data protection law. Since the main purpose of such monitoring seems to be to identify and assist students who don't attend, and whose presence is therefore not recorded or processed, there seem to be a number of both practical and legal issues to think about.
2 June 2017 at 2:37pm
To mark one year to go till the General Data Protection Regulation comes into force, we've published an article on "How Universities and Colleges Should be Preparing for New Data Regulations" on the Jisc website.
Subscribe to Data Protection Regulation