The General Data Protection Regulation 2016/679 (GDPR) came in to effect on the 25th May 2018. This has brought in changes in which we notify the Information Commissioner’s Office (ICO) of any incidents concerning personal data.
The University has reviewed its reporting process for personal data loss incidents. The new process will see all reported incidents funnelled through a single point of contact – the Digital IT Service Desk on 0161 295 2444.
We now have 72 hours to report incidents to the ICO from its discovery. Additionally, early reporting can help limit the damage and impact that it may pose on individuals.
It is an incident that has or may lead to accidental or unlawful loss, alteration, disclosure or access to personal information.
It can be both confirmed or suspected – where the Confidentiality, Integrity or Availability of data or systems have been compromised.
It is any data that makes a living individual identifiable – directly or indirectly.
e.g. Name, address, phone number, IP address, vehicle registration, etc.
Please report any data breaches or security incidents to the Digital IT Service Desk by telephone on 0161 295 2444. The Service Desk will refer the case to the relevant teams.
You should always report your concerns because misuse could: damage the University network, be illegal or have a negative impact on the University's reputation. All of these can have a negative effect on your studies or job with the University. By reporting your concerns, you are providing the best opportunity to prevent any recurrence and to limit damage to the University and its data subjects as quickly as possible.
Andrew Hartley, the Director of Legal and Governance talks more about data breaches in this video: https://vimeo.com/287395184/e4e77539de.