Cookies

We use cookies to ensure that we give you the best experience on our website. You can change your cookie settings at any time. Otherwise, we'll assume you're OK to continue.

Durham University

Information Governance

Data Protection Training Policy

This policy was approved by University Executive Committee in March 2013.

Durham University is committed to providing adequate data protection training to its employees in order to help protect the rights and freedoms of individuals in accordance with the provisions of UK data protection legislation.

All employees of the University (grades 3 and above) whose work involves accessing personal data shall:

  • Be provided by HR with a copy of the University’s Data Protection Policy alongside their contract of employment and be required to confirm to HR that they have read and understood it;
  • Be required to undertake the University’s online Data Protection and Information Governance training module and successfully pass the integral test within 4 weeks of receiving IT access. If an employee declines to undertake the module or repeatedly fails the test, HR will investigate and where the reason for this is deemed unacceptable by the Director of HR, the employee’s access to the University’s IT systems will be removed.

All employees whose work does not ordinarily involve accessing personal data and all employees who do not have a work email account shall receive a copy of the University’s Data Protection Awareness leaflet. This includes employees and casual workers on grades 1 and 2, drivers, cleaners, caretakers, catering assistants, maintenance supervisors and other maintenance workers, plant operatives, security officers and porters.

All casual workers (including students) and agency temps whose work involves accessing personal data shall be required to undertake the University’s online Data Protection and Information Governance training module as soon as possible after receiving IT access. If they are not to receive IT access then they should receive a paper version of the training module. The onus is on supervisors to ensure that such casual staff and agency temps are aware of their responsibilities.

A general data protection training course shall be made available to all employees through HR’s Staff Training Programme.

Tailored group data protection training courses shall be made available to groups of employees, such as departments, colleges and professional support services.

This policy shall be reviewed and updated annually to ensure that it remains appropriate in the light of any changes to data protection law, organisational policies or contractual obligations.