The UK General Data Protection Regulation governs the processing of personal data.
The following terminology and definitions are used in the GDPR and related legislation, such as the Data Protection Act 2018.
You will often see this language in Terms and Conditions, Data Sharing Agreements, or contractual documentation with suppliers and third parties.
Personal data is defined in law as information relating to an identified or identifiable living natural person, where that individual can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
Special category data is data considered to be of a higher risk and requiring an additional legal basis to process. It includes personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
Personal data relating to criminal convictions and offences or related security measures.
The University can only process personal data if it has a legal basis to do so. There are six legal bases – consent, necessary for a contract, legal obligation, vital interest, public task, and legitimate interests. For further details contact the data protection officer.
‘Processing’ means any action that is performed on personal data such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
The individual who is the subject of personal data, e.g., staff, students, customers.
A Data Controller determines the purposes for which personal data are processed. The University is a registered Data Controller.
A Data Processor is any individual or organisation who processes personal data on behalf of, and according to the purposes defined by, the data controller.
A subprocessor is any organisation or individual who processes data on behalf of the processor. The processor is usually responsible for ensuring that these subprocessors give an equal level of data protection to the controller’s data.
A data subject has a number of rights in regard to their data, such as the right to access that data or the right to erase data no longer legally or contractually required.
A ‘Data Protection Impact Assessment’ (DPIA) is a document which explores the privacy risks around the processing of data. It is a legal requirement where any data processing is likely to result in a high risk to individuals, and good practice for any project involving the processing of personal data.
A data breach is an incident leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. These need to be reported to the data protection officer as soon as possible.
Every public authority requires a statutory Data Protection Officer to advise and monitor data protection compliance.
‘Pseudonymisation’ means the processing of personal data in such a manner that the personal data can no longer be attributed to a specific data subject without the use of additional information, provided that such additional information is kept separately and is subject to technical and organisational measures to ensure that the person is not identified.
Anonymisation means the processing of personal data in such a manner that it is no longer possible to link the data back to the individual; the data therefore ceases to be personal data and falls outside the scope of the GDPR.
Encryption recodes data in such a way that it is only readable by those who hold the key to open the files. A common approach would be to use password-protected files for storage and transfer, or encrypted removable media such as a portable hard drive or USB stick. Encryption is increasingly seen as a minimum standard for safeguarding data.
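The two definitions above are easy to blur in practice, so here is an added worked example (not part of the original page or the University's own guidance) that shows the difference in code. Pseudonymisation replaces the identifier with a keyed token; the key and the token-to-identifier lookup table are the "additional information" that must be stored separately (a key vault or a restricted share, assumed here and not shown). Anonymisation aggregates the records so that no row refers to one person and small groups are suppressed. All names, staff IDs, departments and figures are constructed for the example.

```python
"""Pseudonymisation versus anonymisation of a small record set (added example)."""
import hashlib
import hmac
import secrets

# Constructed sample records: fictional staff, departments and sick-day counts.
RECORDS = [
    {"staff_id": "S1001", "name": "Alice Example", "department": "Physics", "sick_days": 3},
    {"staff_id": "S1002", "name": "Bob Example", "department": "Physics", "sick_days": 5},
    {"staff_id": "S1003", "name": "Cara Example", "department": "Physics", "sick_days": 1},
    {"staff_id": "S1004", "name": "Dan Example", "department": "Chemistry", "sick_days": 7},
]


def make_pseudonymisation_key() -> bytes:
    """Generate the secret used to derive tokens.

    This key is part of the 'additional information' in the GDPR definition:
    it must live in a separate, access-controlled store, never beside the data.
    """
    return secrets.token_bytes(32)


def pseudonym(key: bytes, identifier: str) -> str:
    """Derive a stable token from an identifier with a keyed HMAC.

    A keyed construction is used rather than a plain hash: staff IDs come from
    a small, guessable space, so an unkeyed SHA-256 of the ID could simply be
    recomputed by anyone holding the data. Without the key the token cannot be
    attributed to a data subject.
    """
    return hmac.new(key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records: list[dict], key: bytes) -> tuple[list[dict], dict]:
    """Return (pseudonymised records, lookup table).

    Direct identifiers (staff_id, name) are removed from the working copy.
    The lookup table maps token -> staff_id and must be stored separately from
    the pseudonymised records, under its own technical and organisational controls.
    """
    working_copy = []
    lookup = {}
    for r in records:
        token = pseudonym(key, r["staff_id"])
        lookup[token] = r["staff_id"]
        working_copy.append(
            {"subject": token, "department": r["department"], "sick_days": r["sick_days"]}
        )
    return working_copy, lookup


def reidentify(pseudonymised_record: dict, lookup: dict) -> str:
    """Re-attribute a record to its data subject using the separately held lookup table.

    This is the operation that must only be possible for the controller's
    authorised staff; pseudonymised data therefore remains personal data.
    """
    return lookup[pseudonymised_record["subject"]]


def anonymise(records: list[dict], min_group_size: int = 3) -> dict:
    """Aggregate per department and suppress small groups.

    The output contains no row about an individual, and groups smaller than
    min_group_size are dropped so that a single person cannot be singled out
    (a basic k-anonymity style threshold). There is no key or table that
    reverses this, which is what distinguishes it from pseudonymisation.
    """
    groups: dict[str, list[int]] = {}
    for r in records:
        groups.setdefault(r["department"], []).append(r["sick_days"])
    return {
        dept: {"headcount": len(days), "mean_sick_days": sum(days) / len(days)}
        for dept, days in groups.items()
        if len(days) >= min_group_size
    }


if __name__ == "__main__":
    key = make_pseudonymisation_key()
    pseudo, lookup = pseudonymise(RECORDS, key)
    print("Pseudonymised (shareable with the processor):", pseudo)
    print("Lookup table (kept separately by the controller):", lookup)
    print("Re-identified first row:", reidentify(pseudo[0], lookup))
    print("Anonymised aggregate:", anonymise(RECORDS))
```

Two points the code makes concrete: the pseudonymised records are still personal data, because the controller can re-identify them with the key and lookup table it holds; and the aggregate output of `anonymise` is only anonymous if the remaining attributes (here just department and a mean) cannot be combined with other data the recipient holds to single someone out, which is why the small Chemistry group is suppressed rather than reported as a group of one.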
Where data is transferred outside the UK, perhaps by a third party that has servers in a different country, the University needs to determine that there are safeguards around the data.
Direct Marketing is advertising or marketing material which is directed to particular individuals. This covers all advertising or promotional material, including that promoting the aims or ideals of not-for-profit organisations. There are specific rules around direct marketing that the University needs to follow, which can be found on the dedicated intranet page for this topic.