Closure Report

Project Summary

This project delivered changes as to how the EdWeb hosted websites handle cookies, Web forms, and user consent. The project is part of a larger program to ensure that the University is GDPR compliant by the time that the legislation is enacted in May 2018. The project was delivered over the course of four months from February 2018 to June 2018. The project implemented a pop-up banner to approve the use of cookies on web browsers that accessed the EdWeb sites. The project delivered on all it's objectives.

Analysis of Resource Usage:

Staff Usage Estimate: 90 days

Staff Usage Actual: 70 days

Staff Usage Variance: 12%

Outcome

NR

Objectives / Deliverables

Priority 

Outcome

 

   

 

O.1

Ensure that all cookies and embedded content  utilised within EdWeb are conformant to the latest legislation                        

 

 

D1.1

An opt-in cookie banner that covers a set of bundled cookies, mainly marketing and analytics 

Must

 Achieved

D1.2

An overlay for third party content

Must

 Achieved

D1.3

An information only banner for system necessary cookies .

Must

 Achieved

 

 

 

 

O2

Define method of handling cookie consent      

 

 

D2.1

Define what cookies need to be handled

Must

 Achieved

D2.2

Agreed wording for each opt-in consent mechanism

Must

 Achieved

D2.3

Deliver opt-in consent mechanism for third-party provided content

Must

 Achieved

D2.4

Functionality allowing consent to be removed where previously given

Must

 Achieved

 

 

 

 

O3

Define method of handling  data protection and privacy for EdWeb web forms   

 

 

D3.1

Opt-in consent for web forms

Must

 Achieved

D3.2

Updated guidance for editors

Must

 Achieved

D3.3

Encrypt data at rest. Needs to be part of a University-wide solution.

Could

 Not achieved

 

 

 

 

O4

Ensure that the corporate reputation of the University is maintained within EdWeb

 

 

D4.1   

Deliver cookie management functionality for website visitors that meets GDPR requirements within required legislative timescales  

Must

 Achieved

D4.2

Deliver banner that works across all platforms and browsers for EdWeb

Must

 Achieved

 

 

 

 

O5

Ensure that the business has suitable manual processes to remove personal data as well as enacting right to be forgotten.  

 

 

D.5.1

Manual process to remove personal data from EdWeb including restriction of search data

Must

 Achieved

D5.2

Right to be forgotten manual process

Must

 Achieved

 

 

 

 

O6

Ensure that a Privacy Impact Assessment is undertaken

 

 

D6.1

Deliver a completed and signed off PIA

Must

 Achieved

Explanation for variance

The initial estimates were generous given the varied options of implementing regulation compliance.

Key Learning Points

Some of the initial business analysis took longer than expected and did not deliver the quality required. This was due to an inexperienced Business Analyst (External Service Provider). In order to capture the full requirements, other project team members worked more than they normally would be expected on the requirements document. An additional factor was a varied interpretation of the new regulations and emerging guidelines from the UK Data Protection Office. 

The project team worked well together, the changes were developed using Agile, with the stories maintained in JIRA.

Outstanding Issues

There are no outstanding issues.

 

Project Info

Project
Implement GPDR Compliance Requirements for EdWeb
Code
UWP021
Programme
Z. ISG - University Website (UWP) (Closed)
Management Office
ISG PMO
Project Manager
Tim Gray
Project Sponsor
Stratos Filalithis
Current Stage
Close
Status
Closed
Project Classification
Run
Start Date
08-Feb-2018
Planning Date
29-Mar-2018
Delivery Date
25-May-2018
Close Date
24-Aug-2018
Programme Priority
2
Overall Priority
Normal
Category
Compliance