How to work safely with personal data
Today is international Data Protection Day, this is an EU wide initiative aimed at increasing awareness about the rights to personal data protection and privacy.
Do you know how to make sure that you are handling personal data safely in your day to day work, studies or research?
To ensure that you are taking all necessary precautions with your day-to-day handling of electronic personal data why not have a look at our working with personal data checklist below:
The personal data checklist
1. Secure your Computing Devices
Make sure that the computing devices that you are using to store, and process personal data are safe and secure. Your computers, laptops, tablets and phones should all be:
- Running the latest most secure versions of software available
- Protected by anti-virus software
- Protected from loss and theft by encryption software
- Protected from unauthorised access by strong passwords
- Mobile devices should be protected by strong access codes and encryption
- Disposed of safely at the end of their useful life.
If you are not sure of the security status of a device, then you should exercise caution and should not access or store University data on that device.
Public access computing devices such as computers in Internet Cafés should never be used to access University data or services due to the high risk of data breach resulting from such untrusted devices.
2. Use Secure University provided Data Storage
All University data should be stored securely in the most appropriate service with adequate data backup services. IT Services encourages staff to use the data storage services that they provide rather than general public services such as Dropbox or Google Drive which may not be GDPR compliant.
IT Services provide numerous data storage options including Microsoft OneDrive, Microsoft SharePoint, Microsoft Teams, Network File storage and specialised services for Research data storage.
If you use these services all your data will be securely stored, backed up and managed in compliance with the GDPR.Find out more on the data storage and sharing overview page.
3. Secure Data Transfer
Personal data should always be transferred securely.
Where personal data is being transferred by email or on removable media such as USB drives the data should be encrypted.
Where data is being transferred using an Internet Service such as Microsoft OneDrive care should be taken to ensure that the data has been shared with the correct person or organisation.
Data should not be transferred over public wireless networks such as those in a coffee shop or airport without the use of a Virtual Private Network (VPN) to ensure that the data cannot be intercepted.
Staff should configure their Wi-Fi settings so that your computer asks permission to join a new wireless network. If you are not using a VPN then do not use public Wi-Fi to access University Information.
4. Exercise Caution Online
Every time you turn on your computer, open an email attachment, click on an unfamiliar link while browsing the Internet you could be putting yourself and your information at risk. Make sure your Browser is up-to-date- Whether you use Chrome, Safari, Firefox or Microsoft Edge, make sure you are running the latest version. Be aware of scams and fraud such as phishing which could result in someone getting access to your email inbox or data files.
5. Where can I get further advice?
Further information on IT Security and GDPR compliance is available on the IT Security website.
Inquiries about Data access Requests and notification of Data Protection Breaches should be made to the Data Protection Officer.
Staff members should ensure that they have completed the appropriate training courses: