Accountability is a new explicit data protection principle under the GDPR which makes the University responsible for compliance with Data Protection Legislation and requires it to be able to demonstrate that compliance. The University is proactive in its approach to data protection and achieves its accountability obligations by having in place a number of appropriate technical and organisational measures. Accountability is an ongoing obligation which must be regularly reviewed and helps the University show how it respects individuals’ privacy.
Data Protection by design and default
Data Protection by design and default enables the University to comply with its obligations under Data Protection Legislation and document the decisions it makes. Integrating and documenting data protection considerations into everything the University does can be achieved by:
- Appointing a Data Protection Officer.
- Implementing policies, procedures, processes and training to promote and embed data protection by design and default.
- Using a Legitimate Interests Assessment – click here for template and guidance.
- Conducting systematic Data Protection Impact Assessments (‘DPIAs’) on processing activities – The University is now using CNIL's DPIA tool as the default template for DPIAs. If you are on a managed device, you can download the tool from here. If you are on an unmanaged device, you can download the tool from here. Please also see the associated guidance for completing DPIAs.
- Engaging with suppliers to complete an Information Security Workbook when work they are conducting on behalf of the University involves the processing of personal data.
- Having appropriate privacy provisions in written agreements in place when sharing personal data or engaging a data processor to conduct work on the University’s behalf which involves the processing of personal data.
- Maintaining a record of processing activities.
- Applying pseudonymisation techniques.
Some organisations are required to appoint an independent Data Protection Officer (DPO). If you wish to make a complaint or have any queries or concerns about how the University has handled your personal data you can contact the University’s DPO via email or post:
dpo at warwick dot ac dot uk
Data Protection Officer
Information and Data Compliance Team
University of Warwick
Kirby Corner Road
Please only use the above email address if you want to contact the DPO within their specific statutory capacity; any other correspondence about data protection matters should be sent to infocompliance at warwick dot ac dot uk.
There is a requirement to maintain documentation of the University’s processing activities, which the University currently satisfies by registering with the Information Commissioner's Office. The University registration number is Z5856740 and further details of the Data Protection register entry can be found on the Information Commissioner's website.
The following staff policy and guidance are in place:
- Golden Rules for handling personal data
- Consent guidance and consent form
- Personal data
- Records management
- GDPR Key Terms
Data Protection and information security training for University staff is available via:
Staff are required to complete both the information security essentials and GDPR e-learning modules once every 12 months.