GDPR and Data Storage


Managing and storing your university data safely, responsibly and appropriately

Managing and storing your university data safely, responsibly and appropriately

All of us have a responsibility to manage the data that we use and keep responsibly and appropriately. Part of that responsibility is ensuring that data is stored in an appropriate location with the correct level of protection.

The General Data Protection Regulation (GDPR) is an EU regulation which came into force on 25 May 2018 and replaces the current Data Protection Act. To comply with the Act, it is important that data is stored in a location which is appropriate for the data classification.

How do I know my data classification?

Data may be classified as:

Highly sensitive - An inappropriate disclosure of such information may cause severe damage or distress to an individual or the University's objectives and/or reputation

Personal/Confidential - An inappropriate disclosure of such information may negatively impact an individual or the University's objectives and/or reputation.

Non-sensitive/Open - Such information is publicly available to everyone.

Please refer to our Data Classification Policy and Information Handling Procedures for expanded information and examples of the different data types.

Where should I store my data?

In accordance with university policy, no data should be stored on local hard drives, and your own personally-owned data shouldn't be kept on university PCs.

University data should be stored on a university network drive (for example a folder on the U: drive), or in some cases the G: drive (your personal work drive) as appropriate for the security classification of the data.

You may also store Non-sensitive / Open data on your OneDrive for Business area.

I didn't realise I wasn't supposed to store data on my C: drive!

Data stored on local disk drives is considered to be insecure, and is more susceptible to loss through e.g. theft of the device or fault on the PC. Central storage is automatically backed up and therefore more reliable (whereas any data kept on your C: drive is not backed up). Careful storage of data on secure network drives has further advantages, for example, freeing up support staff time that has previously been spent trying to restore local data so that other support work can be attended to.  When Windows 10 is rolled out it will overwrite the local hard drive (C:), there will be no backup and restore of locally held data, and ILS will not recover any data lost from the C: drive.

How do I arrange a storage area on the U drive?

If you need to have a shared folder set up on the U: drive to accommodate your University data, request access to an existing folder, or ask for access to be restricted to certain people, please contact the IT Service Desk.

You will need to seek approval from the most appropriate person in your department. If you aren't sure who to ask, the Service Desk holds an approvers list for each faculty/directorate and will be able to advise you.  Once the request has been authorised then it will be assigned to the appropriate team.

I need to keep a lot of files - what if I run out of space on my G: drive?

The G:drive is limited in size and should really only be used where the information should not be shared with anyone else. If you are concerned about running out of storage space for your files or emails, you can contact the IT Service Desk who can increase your personal G: storage on request.

For more information about our responsibilities around the university data that we use and keep, look at our information compliance policies