University of Derby

IT Knowledge Base

⚙️ Check System Availabiliy

GDPR and Collecting Data

The General Data Protection Regulation (GDPR) is specific about the information the University needs to provide to people about what we do with their personal data. We must actively provide this information to individuals in a way that is easy to access, read and understand.

To help, we have developed the Privacy Notice Guidance (Attached at the bottom of this page) which includes templates that can be adapted for your data collection processes.  

Templates included are:

  • Privacy Notice for Internal Forms and Data Collection Activities
  • Privacy Notice for Small Data Capture Cards
  • Privacy Notice for External or Student related Data Collection / Processing Activity

 

What is a privacy notice and why should I provide it when I collect data?


At a glance GDPR means:

  • Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
  • We must provide individuals with information including:
    • our purposes for processing their personal data
    • our retention periods for that personal data
    • who it will be shared with

We call this privacy information.

  • We must provide privacy information to individuals at the time we collect their personal data from them.
  • If we obtain personal data from other sources, we must provide individuals with privacy information within a reasonable period of obtaining the data and no later than one month.
  • The information we provide to people must be:
    • concise
    • transparent
    • intelligible
    • easily accessible, and it must
    • use clear and plain language
  • It is often most effective to provide privacy information to people using a combination of different techniques including layering, dashboards, and just-in-time notices.
  • User testing is a good way to get feedback on how effective the delivery of our privacy information is.
  • We must regularly review, and where necessary, update our privacy information. We must bring any new uses of an individual’s personal data to their attention before we start the processing.
  • Getting the right to be informed correct, can help you to comply with other aspects of the GDPR and build trust with people, but getting it wrong can leave you open to fines and lead to reputational damage.

If you need any help, guidance or support please contact gdpr@derby.ac.uk