Articles

GDPR and Data Storage

TLDRoffon

Managing and storing your university data safely, responsibly and appropriately

Managing and storing your university data safely, responsibly and appropriately

All of us have a responsibility to manage the data that we use and keep responsibly and appropriately. Part of that responsibility is ensuring that data is stored in an appropriate location with the correct level of protection.

The General Data Protection Regulation (GDPR) is an EU regulation. To comply with GDPR, it is important that data is stored in a location which is appropriate for the data classification.

How do I know my data classification?

Data may be classified as:

Highly sensitive - An inappropriate disclosure of such information may cause severe damage or distress to an individual or the University's objectives and/or reputation

Personal/Confidential - An inappropriate disclosure of such information may negatively impact an individual or the University's objectives and/or reputation.

Non-sensitive/Open - Such information is publicly available to everyone.

Please refer to our Procedure for Data Classification, Labelling and Handling (under our Policy for Information Security & Privacy Impact Assessments, Secure Data Handling and Disposal of IT Equipment)  for expanded information and examples of the different data types.

Where should I store my data?

In accordance with university policy, no data should be stored on local hard drives, and your own personally-owned data shouldn't be kept on university PCs.

Following additional infrastructure and system changes made by ILS to ensure university governed cloud storage is even more stable and secure, the Data Storage under Data Classification table has been updated, and university data may now be stored in Microsoft 365, including Teams and OneDrive for Business.

Please refer to our Procedure for Data Classification, Labelling and Handling (under our Policy for Information Security & Privacy Impact Assessments, Secure Data Handling and Disposal of IT Equipment)  for expanded information on where data can be stored.

For more information about our responsibilities around the university data that we use and keep, look at our information compliance policies https://www.gre.ac.uk/about-us/governance/information-compliance/policy