Paper and data storage (e.g. home drive, email etc.)

Responsibilities

• Individual staff, and those with honorary or affiliate status

I/We will

Check personal data that I process and store and make sure that I still have a valid reason for retaining it, or if not, securely delete it.

So that

I/we demonstrate that the personal data I have is secure and I have a justifiable reason to process it under the new legislation.

I/we understand any gaps in compliance between current working practice and the new legislation, and will make realistic short, medium and long term plans to improve, addressing the highest risks first.

Support/Tools

• UofG Information Asset Register questionnaire format
• examples of daily work
  

Paper and data storage used for research data

Responsibilities

• Principal Investigator

I/We will

Check personal data that I process and store to assess what changes apply to my research/ethics processes, and plan what I need to do to be compliant with the requirements of the new legislation.

Protect all personal data required by the terms of the funder/contract, and not delete while required. (For further advice contact your College Research Support Office.)

So that

I/we demonstrate that the personal data I have is secure and I have a justifiable reason to process it under the new legislation.

I/we understand any gaps in compliance between current working practice and the new legislation, and will make realistic short, medium and long term plans to improve, addressing the highest risks first.

Support/Tools

• UofG Information Asset Register questionnaire format
• Research with personal data
• Retention of Research data

• Medium term recommendation: process re-design project Research Ethics/Data Management, aligned to organisational information asset approach/questions

Paper and data storage (e.g. shared drives, and locally managed software applications)

Responsibilities

• Head of School/Institute/US Directorate Accountable
• Head of School/Institute/US Directorate Administration Responsible (and nominate staff to maintain their Information Asser Register)

I/We will

We will identify high-risk activity, and complete the Information Asset Register for data-sets we own.

So that

I/we demonstrate that the personal data I have is secure and I have a justifiable reason to process it under the new legislation.

I/we understand any gaps in compliance between current working practice and the new legislation, and will make realistic short, medium and long term plans to improve, addressing the highest risks first.

Support/Tools

• UofG Information Asset Register (Online format in development - questionnaire format available now to prepare)

Centrally managed databases (e.g. MyCampus, Core HR, Infrastructure etc.)

Responsibilities

• Service Owner Accountable  (the service owner is in the business unit, e.g. for Finance it is the Director of Finance)

• Service Manager Responsible - (the IT manager for the service, who may be local or in IT Services)

I/We will

We will identify high-risk activity, and complete the Information Asset Register for data-sets in our area.

So that

I/we demonstrate that the personal data I have is secure and I have a justifiable reason to process it under the new legislation.

I/we understand any gaps in compliance between current working practice and the new legislation, and will make realistic short, medium and long term plans to improve, addressing the highest risks first.

Support/Tools

• UofG Information Asset Register (Online format in development - questionnaire format available now to prepare)