Durham University is committed to protecting the rights and privacy of individuals in accordance with appropriate UK and European legislation, e.g. the General Data Protection Regulations (GDPR). Personal data is not the only information we need to protect. The University also processes information that is critical to its operation, is necessary for statutory or regulatory reporting, or is commercially valuable. When this information cannot be found, or is not available when required, or is shared inappropriately it is not useful to the University and can be a liability. Storing information, whether physical or electronic information, beyond its required retention increases University storage and processing costs.
University employees need to understand the principles of data protection and what is expected of them in order to manage the information that the University processes. The University provides a ‘Data Protection and Information Governance’ e-learning course that has been developed to support University employees who are IT users or whose work involves accessing personal data. It provides content in four key related topics that describe the requirements and approaches to effective data management:
- Records and Information Management
- Data protection, including GDPR
- Information Security
- Freedom of Information.
The aim is to:
- Demonstrate why it is important to manage and protect information
- Inform employees of how good practices for records management and information security helps support business processes and the University strategy
- Raise awareness with employees of their responsibilities and the institution’s responsibilities towards data protection and Freedom of Information legislation, including the GDPR.
The module is suitable for all staff Grades 3 and above with access to a University network and should take approximately 45 minutes to complete. In order for the system to register that you have completed the course, you must work through the entire module including the end of module quiz.
The module is available on DUO. Staff can access it from their DUO homepage using their CIS username and CIS password. The module should be found within the ‘My Organisation and Online Training’ section.
Exceptions from e-learning
Members of University staff whose work does not primarily involve accessing personal data (as defined by the Information Commissioner’s Office) or members of staff who do not have a work email account are not required to complete the University's online data protection training package. This includes Grades 1 and 2 staff, drivers, cleaners, caretakers, catering assistants, maintenance supervisors and other maintenance workers, plant operatives, security officers, porters, and students undertaking casual work.
Instead, the University has compiled a Data Protection Awareness Sheet for distribution to staff in this category by supervisors or heads of department/college/section/centre. This may also be suitable as a general awareness poster.