Electronic Sharing of Responses for GDPR
  1. Home
  2. Projects
  3. Electronic Sharing of Responses for GDPR
  4. Journal
  5. Electronic Sharing of Responses for GDPR

Electronic Sharing of Responses for GDPR

Electronic Sharing of Responses for GDPR has now GONE LIVE 25TH MAY FOR RECORDS MANAGEMENT TEAM

 

A big THANK YOU to the Records Management Team and a special thank you to Elaine Wighton for her commitment and dedication, through sweat, blood and tears in ensuring the solution met the RMT business requirements.  Thanks to Claire Bradford and Maurice Komolafe for ensuring the SharePoint solution met the GDPR legislative criteria, which was no mean feat as it was a new service to UoE.
Thanks to Morna Findlay for her support throughout this project and to David Offord-Creighton and Renate Gertz  for your time and efforts for something that was new to the University.  

BACKGROUND

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).  This regulation becomes enforceable from 25 May 2018.

The project was to deliver a method for providing information electronically and securely to requestors (including members of the public) making a request to the University, to satisfy the GDPR legislation(Article 15, section 3) "Where the data subject makes the request by electronic means, and, unless otherwise requested by the data subject, the information shall be provided in a commonly used electronic form".

The element of Project change pertains to the Subject Access Requests for information service.  The current process within the Records Management Team is to "respond to the subject access request via the same channel that the request was received, wherever possible.  Should the response be required electronically, and is large, this is saved and encrypted using Adobe Acrobat professional 256 AES, but otherwise, paper, CDROM and email are the usual routes.  From 25th May, GDPR Legislation prevents any personal data response to be issued by any other means other than electronically with assured security.

The Scope of the Project was to deliver:

  • A simple, electronic data sharing provision, with a focus on SharePoint as a solution, that will share large files. 
  • Alternative electronic data transfer solution to be explored and proposed, should SharePoint be deemed insufficient.
  • Confirmation that the existing Adobe Acrobat Professional, standard 256AES will suffice and if not, explore other alternatives.
  • Encryption for internal university requests and external, confirm any differentiation.
  • Some guidance to Record Management team in support of their UAT for each deliverable.

The project website has been kept up to date with information about the development progress, support and migration plans etc.

·        STU262 -  Electronic Sharing of responses for GDPR  - website: https://www.projects.ed.ac.uk/project/stu262

 

This article was published on

Project Info

Project
Electronic Sharing of Responses for GDPR
Code
STU262
Programme
Student Services (STU)
Management Office
ISG PMO
Project Manager
Morna Findlay
Project Sponsor
Sara Cranston
Current Stage
Close
Status
Closed
Start Date
27-Nov-2017
Planning Date
n/a
Delivery Date
n/a
Close Date
27-Jul-2018
Programme Priority
2
Overall Priority
Higher
Category
Compliance

Documentation