Special Collections, data protection, and you

The GDPR is coming – to help you!

europe-3225247_1920

GDPR rubik’s cube, CC0 licence, via pixabay

The mis-management and mis-use of individuals’ personal data by companies and other organisations is a massive and growing concern. What do we mean by personal data?  Email addresses and other contact details, bank account and credit card information, details of medical conditions … all at risk of loss or theft if organisations don’t take proper care.  Data breaches can result in serious financial or other consequences for people affected.

On 25 May 2018, the law is changing to give you more control over organisations holding and using your data.  The European GDPR (General Data Protection Regulation) will be enshrined in UK legislation via the Data Protection Bill.  Companies will have to obtain your consent to keep and use your data, and take proper care of it – or face huge financial penalties.

Special Collections and your data

We in Special Collections are already managing data as required by the law currently in place, the Data Protection Act of 1998.  So GDPR does not mean a radical change in our working practices or relationships with our users.  Along with all our colleagues at the University, we are however taking the opportunity to review the personal data we hold to make sure we are keeping only what is necessary and legal.

PRI16_3 Leaving letter cr1

Letterhead from the JB Priestley Archive showing names, addresses and telephone numbers.  This is no longer personal data as JBP is deceased, so we are able to share the image with you.  (PRI 16/3).

Special Collections manages personal data in two contexts:

  1. Records relating to the services we offer.  Data about collection donors, users, partners, and other people who use our services or work with us: mostly email addresses, occasionally postal addresses and phone numbers.  We are auditing the data we keep to make sure we have a lawful reason to retain it.
  2. Our archives.  Archives are about people!  Thus they contain personal data relating to those people.  As our archives are mostly modern (20th and 21st century) many of those people are probably still alive.  We have all kinds of data in all kinds of formats, though we most commonly see addresses and telephone numbers in correspondence – as in the Priestley example above.  We keep the data in line with the provision for ‘archiving in the public interest’.  We keep only what is archivally appropriate and legal, and access is restricted or closed.

Further help

I’ve written this as a summary to assist our users and to help raise public awareness of this important new legislation.  Please do contact me if you have any queries about our management of personal data (you also have the right to submit a Subject Access Request).

For general GDPR/data protection queries, here are some resources that you may find useful:

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s