Follow up on 1st GDPR project for student systems https://secure.projects.ed.ac.uk/project/sac064

Current risk has been reviewed and work for this year has been prioritised as follows:

Action Type (analysis, deletion, new process) Business areas

Estimated effort BA & Dev

small ~20d, medium ~50d

Priority (as per expected risk)
1. Analysis 

Impact to delete applicants and students for student records and downstream systems, MI/BI, and the Identity Management system (IDM)

- defining the value of what we need to retain in the student records to be compliant for BAU

-will require large stakeholder engagement (colleges, owners of downstream systems, existing Projects' PM, customers of core data like GaSP, data protection officer, student systems officer )

 

Issue: loss of historical data in DirectMI (weekly), AdmissMI (end of month), STUDMI (monthly). Mitigation: take snapshots  of applicants and students 

BA- medium 

Dev small for consultancy

1 high- will inform all the other actions and estimated efforts for remaining work
2. Analysis & deletion Unsuccessful applicants (use SITS delete existing functionality : need to be 1st manually configured to make it a business process going forward) ; there are ~780k records

BA small

then BAU

2 very high as current risks are high (we hold very old applicant data which we have already been challenged with)

dependency on 1) done

5- New process Establish BAU sustainable deletion process and timescales- annual process will start in Oct every year  

BA small 

handover to BAU

3. high as it will set the annual procedure for BAU
8. New process

a)Limited access across EUCLID, limit whole access of the core data to student record team

- require sits development changes to manage staff roles with conditions around student group

b)Bi/MI access- rather than removing UUN in reports, we would restrict access to data sets for users (student systems, gasp, college planning and few users in schools, support units)- Action: Analysis to understand who is using the reports, who needs to use them, set process to manage /approve the user access

Option- Better use of Power BI, and standard reports for all users would restrict need to access BI/MI (liaise with Student Survey Reporting team re proposed work)

BA small

Dev medium

Reporting team-small

4a  high (based on risk/reputation) , no dependency

4b- medium

Current project status

Report Date RAG Budget Effort Completed Effort to complete
January 2021 AMBER 0.0 days 0.0 days 0.0

Project Info

Project
GDPR 2 for student systems
Code
SAC085
Programme
Student Systems Partnership SSP
Management Office
ISG PMO
Project Manager
Franck Bergeret
Project Sponsor
Lisa Dawson
Current Stage
Initiate
Status
Not Started
Project Classification
Run
Start Date
01-Jun-2021
Planning Date
05-Jul-2021
Delivery Date
01-Mar-2022
Close Date
04-Apr-2022
Overall Priority
Normal
Category
Compliance

Documentation

Not available.

Project Dashboard

Project journal

No entries found.

Change dashboard

Nothing to report.