Information Governance

Roles and Responsibilities

Roles and responsibilities for Information Governance relate to Data Protection, Freedom of Information, Information Management and Information Security.

Role | Responsibilities | Role Holder

University Executive Committee

  • Playing a key role in fostering a data protection culture within the University.
  • Seeking assurance from the Senior Information Risk Owner (SIRO) that information held by the University is being managed in compliance with the Information Governance Framework, and providing support and resources to the SIRO to address high-risk areas of non-compliance and security risk.
  • Ensuring that the purposes and means of processing of personal data for which the University is data controller are determined in compliance with legislation.
  • Enabling the effective performance of the DPO’s tasks and that the DPO is given sufficient autonomy, time, resources and support to carry out their responsibilities, including active support by senior management.
  • Ensuring that the DPO is ‘involved properly, and in a timely manner, in all issues which relate to the protection of personal data’, that the opinion of the DPO is given due weight and that the DPO is consulted promptly once a data breach or another incident has occurred.

Role Holder: Members of UEC

Senior Information Risk Owner (SIRO)

The SIRO is the Board-level member of the University's management team and has overall accountability for the management of information assets held by the University:

  • Providing independent senior board-level accountability and assurance to UEC that information risks are addressed
  • Ensuring that information risks are treated as a priority for business outcomes
  • Providing accountability and assurance to UEC that the University has embedded and is maintaining operational compliance with the Information Governance Framework policies and associated data protection, information security, information management and information technology processes and procedures
  • Playing a vital role in getting the institution to recognise the value of its information and enabling its optimal effective use.

For personal data:

  • Playing a key role in fostering a data protection culture within the University.
  • The processing of personal data (of which the University is data controller) in compliance with data protection legislation, including the appropriate determination of the purposes of processing personal data, and the means by which any personal data processing activity is done
  • Ensuring that the DPO is involved properly, and in a timely manner, in all issues which relate to the protection of personal data, that the opinion of the DPO is given due weight and that the DPO is consulted promptly once a data breach or another incident has occurred.
  • The management of data protection risks
  • Implementation and progression of the University’s approved data protection initiatives
  • Managing the implementation of essential elements of data protection legislation, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities and security of processing.
  • Managing the response to breaches of data protection legislation
  • Ensuring that an effective monitoring and reporting framework is established with regard to data protection compliance, and that information asset owners and super information asset owners are designated, perform their roles and report regularly on data protection compliance in relation to their respective information assets and business units
  • Ensuring that no individual is given access to personal data without having been required to undertake appropriate training and read relevant policy and guidance.

Role Holder: Chief Operating Officer (COO)

Data Protection Officer (DPO)

An advisory role concerned with the University’s compliance with data protection legislation:

  • Providing advice, assistance and recommendations to the Senior Information Risk Owner (SIRO) in relation to data protection risks
  • Enabling compliance with data protection legislation
  • Playing a key role in fostering a data protection culture within the University
  • Helping implement essential elements of data protection legislation, such as the principles of data processing, data subjects’ rights, data protection by design and by default, records of processing activities, security of processing and notification and communication of data breaches
  • Reviewing the planning, implementation and progress of the University’s data protection initiatives periodically, reporting to Council
  • Advising the SIRO in relation to any breaches of data protection legislation
  • Being the University’s point of contact with the Information Commissioner’s Office.

The DPO shall not determine the purposes of processing personal data, or the means by which any personal data processing activity is done.

Role Holder: University Secretary

Super Information Asset Owner

Super Information Asset Owners ensure that information comprising Major Information Assets is managed consistently in compliance with the Information Governance Framework:

  • Helping foster an information governance culture within the University
  • Identifying and managing risks for their respective Major Information Assets
  • Ensuring that no individual is given access to personal data without having undertaken appropriate training and read relevant policy and guidance
  • Ensuring that consistent local processes and procedures are developed, implemented, followed and regularly reviewed
  • Monitoring and reporting on legislative, statutory and contractual compliance in relation to Major Information Assets as required by the University.

Role Holder:

  • Student Information: PVC Education & PVC Colleges
  • Staff Information: COO
  • Alumni and Supporters Information: COO
  • Research Information: PVC Research
  • Financial Information: CFO

Information Asset Owner

Information Asset Owners ensure that Information Assets are managed in compliance with the Information Governance Framework:

  • Identifying and managing data protection risks within their respective business units
  • Ensuring that no individual is given access to personal data without having undertaken appropriate training and read relevant policy and guidance
  • Ensuring that local processes and procedures are developed, implemented, followed and regularly reviewed
  • Monitoring and reporting on compliance in their business units as required by the University.
  • Nominating Information Stewards for key systems to ensure that information governance compliance is embedded and maintained in the daily operation of those systems.

Role Holder:

  • Faculty PVCs
  • Heads of Department
  • College Principals
  • Heads of PSS

Information Stewards

Information Stewards ensure that information governance compliance is embedded and maintained in the daily operation of systems containing Information Assets. Systems can be electronic or manual.

Role Holder: Individuals who maintain key systems containing Information Assets

All individuals and organisations that process information on behalf of the University

All individuals and organisations that process information on behalf of the University have a responsibility to comply with the Information Governance Framework policies and associated data protection, information security, information management and information technology processes and procedures.

Role Holder: All individuals and organisations that process personal data on behalf of the University

Line managers

Line managers have a responsibility to ensure that employees are made aware of their particular responsibilities and that they comply with the Information Governance Framework policies and associated data protection, information security, information management and information technology processes and procedures.

Role Holder: Line managers