Categories
Articles

GDPR: notices and processes

Some of the General Data Protection Regulation’s requirements on data controllers apply no matter which legal basis for processing is being used. For example there are common requirements on information given to data subjects; breach notification and rights of access and rectification will normally apply to all personal data. However other requirements are specific to […]

Categories
Articles

GDPR: Portability Right Guidance

The Article 29 Working Party’s final guidance on implementing the right to portability is a significant improvement on the previous draft. The Working Party appear to have recognised the significant risk involved in making large collections of personal data available through on-line interfaces, and that other approaches will be more suitable for most data controllers. […]

Categories
Articles

Digital Economy Act 2017

The Digital Economy Act 2017 contains sections relating to content filtering by “Internet Service Providers” (ISPs) and “Internet Access Providers” (IAPs). However both terms are derived from (and subsets of) the European definition of Public Electronic Communications Services, so will not apply to Janet or customer networks that are not available to members of the […]

Categories
Closed Consultations

Jisc response to DCMS consultation on GDPR Research implementation

Jisc responded to the DCMS consultation on implementing the Research provisions of the GDPR into UK law. The exemptions from certain obligations and data subject rights contained in section 33 of the Data Protection Act 1998 have been vital in enabling long-term research studies, including in health and social sciences, while ensuring the protection of […]

Categories
Closed Consultations

DCMS call for views on GDPR derogations

The Department for Culture, Media and Sport has called for views on how the UK should use the “derogations” (i.e. opportunities and requirements for national legislation) contained within the General Data Protection Regulation. The main area where derogations, or the lack of them, could affect the Jisc community is in the application of the GDPR […]

Categories
Articles

Investigatory Powers Act 2016: Encryption

[I’ve updated this 2015 post to refer to the section numbers in the Investigatory Powers Act 2016. As far as I can see, the powers contained in the Act are the same as those proposed in the draft Bill] Over past months there has been various speculation that the Investigatory Powers Bill [now the Investigatory […]

Categories
Articles

GDPR: Alumni processes

Most universities maintain databases of alumni, for purposes including keeping them informed about the organisation, offering services and seeking donations. These activities have a lot in common with other charities, so the Information Commissioner’s guidance is relevant. Indeed the Information Commissioner’s recent description of using consent-based relationships “to improve [supporters’] level of engagement with your […]