The GDPR is coming – to help you!
The mis-management and mis-use of individuals’ personal data by companies and other organisations is a massive and growing concern. What do we mean by personal data? Email addresses and other contact details, bank account and credit card information, details of medical conditions … all at risk of loss or theft if organisations don’t take proper care. Data breaches can result in serious financial or other consequences for people affected.
On 25 May 2018, the law is changing to give you more control over organisations holding and using your data. The European GDPR (General Data Protection Regulation) will be enshrined in UK legislation via the Data Protection Bill. Companies will have to obtain your consent to keep and use your data, and take proper care of it – or face huge financial penalties.
Special Collections and your data
We in Special Collections are already managing data as required by the law currently in place, the Data Protection Act of 1998. So GDPR does not mean a radical change in our working practices or relationships with our users. Along with all our colleagues at the University, we are however taking the opportunity to review the personal data we hold to make sure we are keeping only what is necessary and legal.
Special Collections manages personal data in two contexts:
- Records relating to the services we offer. Data about collection donors, users, partners, and other people who use our services or work with us: mostly email addresses, occasionally postal addresses and phone numbers. We are auditing the data we keep to make sure we have a lawful reason to retain it.
- Our archives. Archives are about people! Thus they contain personal data relating to those people. As our archives are mostly modern (20th and 21st century) many of those people are probably still alive. We have all kinds of data in all kinds of formats, though we most commonly see addresses and telephone numbers in correspondence – as in the Priestley example above. We keep the data in line with the provision for ‘archiving in the public interest’. We keep only what is archivally appropriate and legal, and access is restricted or closed.
I’ve written this as a summary to assist our users and to help raise public awareness of this important new legislation. Please do contact me if you have any queries about our management of personal data (you also have the right to submit a Subject Access Request).
For general GDPR/data protection queries, here are some resources that you may find useful: