The General Data Protection Regulation (GDPR) requires us to keep personal data secure. The Regulation itself states Personal Data must be:
Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
Source: Article 5(1)(f), GDPR.
For additional guidance on:
• Recognising spam and phishing emails;
• Virus and malware protection;
• File security;
• PC and device disposal;
• Password management;
• Two-factor authentication;
• Safe use of University information on devices;
• Protecting confidential data.
For guidance on keeping paper records secure, see the University’s Records Management resources.