This page lists the data protection guidance and policy documents that are available to UEA staff. On 25 May 2018, UK data protection law changed and we will regularly add and update documents to reflect changes to the law.
If you'd like further information on any of these documents, contact the Information Compliance team at firstname.lastname@example.org, or +44 (0)1603 59 2431/1143.
The Information Compliance team are producing a range of guidance to assist staff in understanding changes to the law. We will add to and revise these documents from time to time.
Data subject rights:
- GDPR data subject rights
- Guidance for staff who may hold data required for a Subject Access Request
- Information to be recorded by staff who receive a verbal Subject Access Request (Word doc.)
Legitimate Interests Assessment:
Where we are relying on 'Legitimate Interests' as our legal basis for processing personal data we must do a Legitimate Interests Assessment (LIA). Our LIA template (Word doc.) can be downloaded and, once complete, sent to email@example.com for review.
Drafting privacy notices:
The University's primary privacy notices should cover most of the ways in which we collect and handle personal data, however there will be occasions where separate privacy notices are required (e.g. because data will be collected for a specific purpose that doesn't apply to a wide range of people). The following guidance and supplementary text is designed to assist staff who need to create a specific privacy notice. The data protection team must be informed of any new privacy notices (see checklist below).
- 'Further Information' web page (Staff can add this link to any privacy notice they create to ensure that some of the standard information required by GDPR is included in their notice)
- Data protection text for web forms (Staff who collect personal data via web forms can use this link when creating a privacy notice for their form)
Gathering consent for processing data:
- Consent checklist (Word doc.)
Data Protection Policy (updated May 2018)
The following policies also relate to the use of and access to personal data at UEA:
- Information Classification and Data Management Policy (updated Feb. 2018)
- Conditions of Computer Use (updated June 2017)
- General Information Security Policy (updated Oct. 2017)