The UWI is now promulgating its Data Protection Policy. The Data Protection Policy was drafted to ensure that The UWI protects the data collected from all sources, especially the Personal Data of its staff, students and alumni. The Policy is also intended to prevent The UWI from breeching the various privacy legislation in the jurisdictions in which it operates. The Policy was approved by University F&GPC and a project was created to ensure that Policy promulgation occurs smoothly and that all relevant areas are included. The Project began on July 1, 2020.
The Project Manager is responsible for, among other things, guiding project activities and liaising with project team members to, as best as possible, ensure that Project activities are being undertaken, on time, within budget, and in accordance with stated Project objectives. Implementation/Project activities are organised into 6 components (or functional areas). Each functional area has a Working Group (WG) responsible for the associated activities (or project milestones). Each Working Group has a leader, who sits on the Project’s Implementation Committee (PIC), and the PIC, which provides project management oversight, is led by the University Registrar. The Project Manager is also a member of the PIC.
Data Protection Policy Implementation Committee
The purpose of the Implementation Committee is to ensure that the implementation of the Data Protection Policy is effectively managed. The Implementation Committee, as a decision-making body provides, reviews and monitors strategic direction, policy guidance and recommendations to ensure effective implementation of the policy.
Some of the active areas of work for this committee currently include the formulation and adoption of relevant Privacy Statements, Data Management Procedures, Data Protection Awareness Training and Support, and Compliance Audits. This is effected through Working Groups comprising expert members across the university system, spanning the thematic spheres of Legal, Human Resources, Archives and Record Management, Technology, Marketing and Communications and Registry Operations.
Working Groups
Legal
To investigate, discuss, analyse, advise on, and provide solutions for issues with legal and/or policy implications. Some of the activities include:
- Data Protection Obligations
- Rights of Data Subject
- Processing Agreements
- Data Processing Impact Assessment (DPIA)
- Consent
- Processing Children’s Data
- Subject Access Requests
- Policies and Procedures
Information Communication Technology
To investigate, review and provide solutions for the technical (infrastructure, hardware, software, or services) issues encountered, and the human resources required for successful post-project operations. Some of the activities include:
- To review infrastructure and software for data protection compliance
- Privacy by Design
- Information Security
- Basis for processing data
Marketing and Communications
To lead the dissemination, through the various communication channels used by The UWI, of data protection information (practices, policies, etc.). Some of the issues to be addressed:
- Subject Access Requests (SARs)
- Data Breach Response Plan
- Processing Agreements
Campus Records
To ensure that records, both traditional and electronic, are included and properly administered according to the strictures of the Data Protection Policy. Some of the activities include:
- Data Retention and Accountability
- Data Retention times
Human Resources
To review staff operations and address the issues related to data protection as well as to determine and provide recommendations to address talent management and issues concerning the rights and responsibilities of staff (full-time or otherwise) in relation to the new privacy paradigm the University has adopted. Some of the issues to be addressed include:
- Data Protection Obligations
- Policies and Procedures
- Training
- Basis for Processing Data
- Rights
- Data Retention and Accountability
- Consent
Registry Operations
To review staff operations in student processes - Admissions, Registration, and Examinations sections. Some of the issues to be addressed include:
- Data Protection Obligations
- Policies and Procedures
- Basis for Processing Data
- Rights
- Data Retention and Accountability