Follow up on 1st GDPR project for student systems

Current risk has been reviewed and work for this year has been prioritised as follows:

Action Type (analysis, deletion, new process) Business areas

Estimated effort BA & Dev

small ~20d, medium ~50d

Priority (as per expected risk)
1. Analysis 

Impact to delete applicants and students for student records and downstream systems, MI/BI, and the Identity Management system (IDM)

- defining the value of what we need to retain in the student records to be compliant for BAU

-will require large stakeholder engagement (colleges, owners of downstream systems, existing Projects' PM, customers of core data like GaSP, data protection officer, student systems officer )


Issue: loss of historical data in DirectMI (weekly), AdmissMI (end of month), STUDMI (monthly). Mitigation: take snapshots  of applicants and students 

BA- medium 

Dev small for consultancy

1 high- will inform all the other actions and estimated efforts for remaining work
2. Analysis & deletion Unsuccessful applicants (use SITS delete existing functionality : need to be 1st manually configured to make it a business process going forward) ; there are ~780k records

BA small

then BAU

2 very high as current risks are high (we hold very old applicant data which we have already been challenged with)

dependency on 1) done

5- New process Establish BAU sustainable deletion process and timescales- annual process will start in Oct every year  

BA small 

handover to BAU

3. high as it will set the annual procedure for BAU
8. New process

a)Limited access across EUCLID, limit whole access of the core data to student record team

- require sits development changes to manage staff roles with conditions around student group

b)Bi/MI access- rather than removing UUN in reports, we would restrict access to data sets for users (student systems, gasp, college planning and few users in schools, support units)- Action: Analysis to understand who is using the reports, who needs to use them, set process to manage /approve the user access

Option- Better use of Power BI, and standard reports for all users would restrict need to access BI/MI (liaise with Student Survey Reporting team re proposed work)

BA small

Dev medium

Reporting team-small

4a  high (based on risk/reputation) , no dependency

4b- medium

Current project status

Report Date RAG Budget Effort Completed Effort to complete
January 2021 AMBER 0.0 days 0.0 days 0.0

Project Info

GDPR 2 for student systems
Student Systems Partnership SSP
Management Office
Project Manager
Franck Bergeret
Project Sponsor
Lisa Dawson
Current Stage
Not Started
Project Classification
Start Date
Planning Date
Delivery Date
Close Date
Overall Priority


Not available.

Project Dashboard

Project journal

No entries found.

Change dashboard

Nothing to report.