We all play a part in keeping data safe.
All of us have a responsibility to manage the data that we use and make sure it's stored securely and in the right place. This helps protect individuals, supports the university, and ensures we meet legal requirements.
The General Data Protection Regulation (GDPR) is an EU regulation that sets out how we must handle data. To meet GDPR requirements, we need to store data in a location which is appropriate for its level of sensitivity (classification).
How do I know my data classification?
Data at the university falls into three main categories:
- Highly sensitive: If this information is shared inappropriately, it could cause severe damage or distress to an individual or the University's objectives and/or reputation
- Personal/Confidential: If this information is shared inappropriately, it may negatively impact an individual or the university.
- Non-sensitive/Open: This information is suitable for public access.
For more details and examples, see the Procedure for Data Classification, Labelling and Handling (under our Policy for Information Security & Privacy Impact Assessments, Secure Data Handling and Disposal of IT Equipment).
Where should I store my data?
In accordance with university policy:
- Don’t store university data on your local hard drive
- Don’t keep personal data on university devices
University data should be stored in Microsoft 365, including Teams and OneDrive for Business. These services provide the right level of protection and allow you to work securely.
For more details and examples, see the Procedure for Data Classification, Labelling and Handling (under our Policy for Information Security & Privacy Impact Assessments, Secure Data Handling and Disposal of IT Equipment).
