The Essex website uses cookies. By continuing to browse the site you are consenting to their use. Please visit our cookie policy to find out which cookies we use and why. View cookie policy.

Working at Essex
Starting at Essex Equality, diversity and inclusion Employment policies and procedures Forums and networks Grading and reviews Hybrid working Managing people Pay, rewards and benefits Pensions Professional development and training Recruiting staff Taking leave UECS and Wivenhoe House staff Working with information and data Your information and your rights Quick guides to working at Essex
Teaching and learning
Academic standards and quality DBS checks for students Department student support roles Developing student success Exams and assessment Heads of Department Learning technologies Reading lists Staff awards and funding Student feedback Student wellbeing support and signposting Supporting students with disabilities and health conditions Supporting and welcoming new students Timetables
Research
Funding sources Making a funding application Research impact Promoting your research and research visibility Research governance Take part in research Managing an award Planning and assessment Knowledge exchange and commercialisation Research systems Repository and publishing Research management information Celebrating Excellence Awards
Our University
Brand Departments and schools Faculty support Freedom of information Governance Graduation Staff survey Sustainability and biodiversity University partnerships Strike action
Services and facilities
Buildings, grounds and maintenance Crowdfunding Childcare Design, print and copy services Events, meetings and conferences Faith Centre Finance, planning and data insight Food and drink IT services Marketing and communications support Media Centre Parking Post and property services Professional Services teams Sport and recreation Student work experience and volunteering Theatre and arts on campus Travel, transport and accommodation Web support
Health, safety and wellbeing
COVID-19 (Coronavirus) Emergencies, security and safety Activities health and safety Equipment safety Health and safety support Fire safety Reporting health and safety incidents or concerns Risk assessment Safeguarding Work and study environments Working with physical agents Working with substances Your health and wellbeing
Online services
Email login Research Information System Research Repository Room booking form Unit4 Business World Phonebook Change your password
People and Culture
HR Organiser People Manager Develop at Essex Homepage Job vacancies
Academic
Moodle Libraries Academic departments FASER LEAP MyTutor Programme specifications Reading lists (Talis Aspire)
Info and help
Find your way campus map IT services Tableau Planning information portal Key dates Staff blog Report harassment Report a concern about student
Staff Directory Home Working with information and data Data Protection and GDPR Data protection and third-party suppliers

Data protection and third-party suppliers

There are many situations where the University might engage a third party to carry out activities on their behalf, perhaps some specialist expertise or a software platform. 

Data processors and data controllers 

Where the third party will be collecting or storing the personal data of our staff, students, or customers on our behalf they are acting as ‘data processors.’ The University is the ‘data controller’ and determining how the data is used; the supplier or ‘data processor’ is carrying out our instructions. If the data processor is using its own processors, such as a hosting provider, these are called ‘subprocessors.’

In data protection law both ‘controllers’ and ‘processors’ have obligations under data protection law. If a processor suffers a data breach, the University could be liable for substantial monetary penalties.

Contract with the supplier

Whenever the University as ‘controller’ uses a processor it needs to ensure that there is a formal written contract in place with the supplier. The contract needs to cover a range of standard provisions stating that the processor must:

  • process data only on instructions from the University
  • ensure that their staff accessing the data are under an obligation of confidentiality
  • have appropriate security measures in place
  • assist the University with any data protection impact assessments for the University in relation to the system
  • only appoint their own third parties (“subprocessors”) on the University’s authorisation, who will process data at the same level of protection as they will   
  • demonstrate their compliance to the controller
  • take appropriate measures to help the controller respond to requests from individuals to exercise their rights
  • assist the controller in meeting its UK GDPR obligations in relation to the security of processing and the notification of data breaches
  • delete or return all personal data to the controller at the end of the contract, and also delete existing personal data unless the law requires its storage
  • submit to audits and inspections, providing the controller with whatever information it needs to ensure they are both meeting their Article 28 obligations

You can assess this in the contract checker document (.docx).

Arrow symbol
Contact us
Information Assurance Manager
Telephone: 01206 872285

  • University of Essex
  • Wivenhoe Park
  • Colchester CO4 3SQ

 

872400
CONNECT WITH US
© 2023 University of Essex. All rights reserved