This portfolio has been established to assist the University ensure the GDPR compliance of its services ahead of the deadline in May 2018. The portfolio will assist our senior managers monitor the status of all projects related to GDPR compliance. There are two groups of projects included in the portfolio:
These projects will deliver either:
- General resources needed for GDPR compliance OR
- Business or technology elements needed to ensure the GDPR compliance of an existing service OR
- New services or capabilities which will be implemented before the GDPR deadline in May 2018 which will need to be GDPR compliant
- These projects will deliver new services or capabilities which will need to be GDPR compliant and which will be implemented after the GDPR deadline in May 2018
Ensuring GDPR compliance is an essential priority for the University. It is vital that senior managers and project stakeholders have a clear and consistent view of all projects that will be needed to ensure compliance. The portfolio provides a framework for monitoring and supporting existing GDPR related project activities across the University - it does not replace these activities.* The GDPR portfolio is sponsored by the CIO and is owned by Applications Directorate working in partnership with the Chief Information Security Officer (CISO), the Data Protection Officer (DPO). ISG colleagues and stakeholders across the University.
* The portfolio will focus on project activity. GDPR work done through business as usual service activity will not be included. We are currently in discussions with the DPO, CISO and service owners about establishing a complimentary monitoring framework for services.