Changes to data protection laws and new mandatory training for staff

Data Protection Update

Changes to data protection laws and new mandatory training for staff

In May 2018, the General Data Protection Regulation (GDPR) will come into force and supersede the Data Protection Act 1998. This is the biggest change to data protection laws in 20 years and will result in substantial changes to the way organisations such as the University process personal data.

Although the GDPR derives from EU law, the UK Government have confirmed that the GDPR will be implemented into domestic law regardless of Brexit.

While the main principles of data protection remain largely the same, the GDPR is much stricter than the current Act. It is more prescriptive in terms of how we must comply and the penalties for non-compliance are more severe.

The new data protection laws will affect all departments and services; and all systems and processes involving personal data across the University. Within the University, personal data may relate to students, staff and third parties (such as research subjects).


Data protection online training module

As part of our preparations for GDPR compliance, Legal Services have developed a new mandatory online data protection training module, to be completed by all staff by the end of this academic year.

Staff will be required to re-take the test annually to ensure that data protection competence and awareness is developed on a continuous basis.

The training will introduce you to GDPR and help you to comply with data protection requirements in your day-to-day role. It will ensure you are:

  • familiar with University guidance about data protection issues relevant to your work
  • aware of how the University must comply with policies and the law by May 2018
  • more assured when dealing with personal data in your day to day role
  • able to reduce the risks to our students and staff


The training is an interactive module, including a short, multiple-choice test. It should take no longer than approximately 30 minutes to complete.

Complete the online training now by logging into Moodle

If you are not familiar with Moodle: Use your usual log in details to access Moodle, then click the first (yellow) icon on the page: Moodle.  Then click ‘staff resource area’ and ‘Legal’, where you will find the ‘Data Protection Act Module’. Click to begin the training.

GDPR: Next steps

Further guidance and instructions will be provided by Legal Services in the coming months, who will be contacting services across the University to determine where changes are needed and what additional support is required.

In the meantime, you can:

  • look out for emails and notices around campus about Data Protection, Information Security and Records Management
  • be ready to liaise and work with the Legal, Information Security and Records Management Teams about how these changes will impact your area
  • check out the University’s Data Protection Website, where further guidance and information will be published between now and May 2018