The Essex website uses cookies. By continuing to browse the site you are consenting to their use. Please visit our cookie policy to find out which cookies we use and why. View cookie policy.

Working at Essex
Starting at Essex Equality, diversity and inclusion Employment policies, procedures and guidance Managing people Pay, rewards and benefits Pensions Taking leave Grading and reviews Professional development and training Recruiting staff Working flexibility Information and data UECS and Wivenhoe House staff Forums and networks
Teaching and learning
Academic standards and quality DBS checks for students Department student support roles Developing student success Exams and assessment Heads of Department Learning technologies Reading lists Staff awards and funding Student feedback Student wellbeing support and signposting Supporting students with disabilities and health conditions Supporting and welcoming new students Timetables
Research
Funding sources Making a funding application Research impact Promoting your research and research visibility Research governance Take part in research Managing an award Planning and assessment Knowledge exchange and commercialisation Research systems Repository and publishing Research management information Celebrating Excellence Awards
Our University
Brand Departments and schools Faculty support Freedom of information Governance Graduation Sustainability and biodiversity University partnerships
Services and facilities
Buildings, grounds and maintenance Crowdfunding Childcare Design, print and copy services Events, meetings and conferences Faith Centre Finance, planning and data insight Food and drink IT services Marketing and communications support Media Centre Parking Post and property services Professional Services teams Sport and recreation Strategic project delivery Student work experience and volunteering Theatre and arts on campus Travel, transport and accommodation Web support
Health, safety and wellbeing
COVID-19 (Coronavirus) Emergencies, security and safety Activities health and safety Equipment safety Health and safety support Fire safety Reporting health and safety incidents or concerns Risk assessment Safeguarding Work and study environments Working with physical agents Working with substances Your health and wellbeing
Online services
Email login Research Information System Research Repository Room booking form Unit4 Business World Phonebook Change your password
People and Culture
HR Organiser People Manager Develop at Essex Homepage Job vacancies
Academic
Moodle Libraries Academic departments FASER LEAP MyTutor Programme specifications Reading lists (Talis Aspire)
Info and help
Find your way campus map IT services Tableau Planning information portal Key dates Staff blog Report harassment Report a concern about student
Staff Directory Home Working with information and data Data Protection and GDPR Data Protection Impact Assessments

Data Protection Impact Assessments

One of the most important documents for the University in complying with GDPR is the ‘Data Protection Impact Assessment’(DPIA). It is a legal requirement where any data processing is likely to result in a high risk to individuals and good practice for any project involving the processing of personal data.

If you are starting a new project or changing the way you use staff, student, or customer data then you need to carry out a DPIA. 

Fill out the template and send it back to the Data Protection Officer at dataprotectionofficer@essex.ac.uk The DPO may ask for further information and provide advice and recommendations. If the project is particularly large-scale or high-risk senior management input and approval may be required. 

Tips for completing a Data Protection Impact Assessment (DPIA)

  1. Describe what the project does with personal data in detail, especially the flow of the data - what data is collected? where/how do you collect it? what system is used? who are you sharing it with? are you using a third-party to provide any hosting or software? what areas do you think are high risk, either in the data itself or in the process?
  2. One of the complex areas of the GDPR is determining a legal basis for processing the personal data. Consent is rarely the legal basis the University uses. Start with 'are we required by law to do this?' if no 'is it required to fulfil our contract with someone?' if no, 'is it required to fulfil the University's official powers to teach, research and award degrees?' if no, 'what legitimate interest is it meeting?' Think about these questions and liaise with the data protection team and we can get this covered.
  3. The GDPR gives people whose data you are working with a right to be informed about how it is being used. We have a number of privacy notices in place at the University but consider how you will let people know, particularly if it is a new type of service. Could you add a specific message on the website where people sign up or include contact details for more information?
  4. At the beginning of a project, you are often very focused on getting everything planned and launched. On the DPIA try and think about the end of the project and after. Will you need to delete the data? Will you be passing it onto another department or repository? How long do you need to keep it for?
  5. Don't worry if you are unsure about any of the sections on our template, just ask - we will work with you to make sure the DPIA supports both your project and the University's wider compliance requirements.
Arrow symbol
Contact us
Information Assurance Manager
Telephone: 01206 872285

  • University of Essex
  • Wivenhoe Park
  • Colchester CO4 3SQ

 

CONNECT WITH US
© 2024 University of Essex. All rights reserved